3 matches found
Amazon Linux 2 : php (ALASPHP8.1-2024-005)
The version of php installed on the remote host is prior to 8.1.29-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2024-005 advisory. The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is...
BIT-PHP-2024-2408 PHP is vulnerable to the Marvin Attack
The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
PT-2024-5790 · Openssl +6 · Openssl +6
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 8.1.29 PHP versions prior to 8.2.20 PHP versions prior to 8.3.8 Description: The issue is related to the openssl private decrypt function in PHP when using PKCS1 padding, which is the default. This makes PHP vulnerable t...