Lucene search
K

6 matches found

RedHat Linux
RedHat Linux
added 2026/02/10 8:28 p.m.3 views

php: Configuring a proxy in a stream context might allow for CRLF injection in URIs

A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...

7.2CVSS5.8AI score0.01132EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/09/11 12:0 p.m.3 views

php: Configuring a proxy in a stream context might allow for CRLF injection in URIs

A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...

7.2CVSS5.8AI score0.01132EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/04/28 3:19 p.m.208 views

php: Configuring a proxy in a stream context might allow for CRLF injection in URIs

A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...

7.2CVSS5.8AI score0.01132EPSS
Exploits1References5
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.3 views

Astra Linux – Vulnerability in PHP 8.2

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, and 8.3. before 8.3.14, when using streams with a configured proxy and the “requestfulluri” option, the URI is not properly sanitized. This can lead to HTTP request smuggling, allowing attackers to use the proxy to send arbitrary HTTP reques...

7.2CVSS6.4AI score0.01132EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2024/12/02 12:0 a.m.5 views

The vulnerability of the `request_fulluri` configuration in the PHP programming language interpreter allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the requestfulluri configuration in the PHP programming language interpreter is related to the failure to eliminate CRLF sequences due to the use of the true value. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests HTTP Request Smuggling atta...

4.8CVSS6AI score0.01132EPSS
Exploits1References10Affected Software4
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.3 views

PT-2024-8888

Name of the Vulnerable Software and Affected Versions: PHP versions 8.1. before 8.1.31 PHP versions 8.2. before 8.2.26 PHP versions 8.3. before 8.3.14 Description: The issue is related to the configuration of the request fulluri option in PHP, which can lead to HTTP request smuggling when using...

9.8CVSS7.8AI score0.02286EPSS
Exploits11References113
Rows per page
Query Builder