2 matches found
Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2024-624)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-624 advisory. The vulnerability allows a remote attacker to bypass implemented security restrictions. The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a...
php: standard insecure cookie could be treated as a '__Host-' or '__Secure-' cookie by PHP applications
A vulnerability was found in PHP due to the way PHP handles HTTP variable names. It interferes with HTTP variable names that clash with ones that have a specific semantic meaning. This vulnerability allows network and same-site attackers to set a standard insecure cookie in the victim's browser,...