Lucene search

Ubuntu.comUB:CVE-2022-36032

HistorySep 06, 2022 - 12:00 a.m.

CVE-2022-36032

2022-09-0600:00:00

ubuntu.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

36.1%

JSON

ReactPHP HTTP is a streaming HTTP client and server implementation for
ReactPHP. In ReactPHP’s HTTP server component versions starting with 0.7.0
and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie
values, the cookie names are url-decoded. This may lead to cookies with
prefixes like __Host- and __Secure- confused with cookies that decode
to such prefix, thus leading to an attacker being able to forge cookie
which is supposed to be secure. This issue is fixed in ReactPHP HTTP
version 1.7.0. As a workaround, Infrastructure or DevOps can place a
reverse proxy in front of the ReactPHP HTTP server to filter out any
unexpected Cookie request headers.

Notes

Author	Note
alexmurray	icinga-php-thirdparty and icingaweb2-module-reactbundle both vendor a copy of reactphp/http

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchicinga-php-thirdparty< anyUNKNOWN
ubuntu23.10noarchicinga-php-thirdparty< anyUNKNOWN
ubuntu24.04noarchicinga-php-thirdparty< anyUNKNOWN
ubuntu22.04noarchicingaweb2-module-reactbundle< anyUNKNOWN
ubuntu23.10noarchicingaweb2-module-reactbundle< anyUNKNOWN
ubuntu24.04noarchicingaweb2-module-reactbundle< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	icinga-php-thirdparty	< any	UNKNOWN
ubuntu	23.10	noarch	icinga-php-thirdparty	< any	UNKNOWN
ubuntu	24.04	noarch	icinga-php-thirdparty	< any	UNKNOWN
ubuntu	22.04	noarch	icingaweb2-module-reactbundle	< any	UNKNOWN
ubuntu	23.10	noarch	icingaweb2-module-reactbundle	< any	UNKNOWN
ubuntu	24.04	noarch	icingaweb2-module-reactbundle	< any	UNKNOWN

References

github.com/reactphp/http/commit/663c9a3b77b71463fa7fcb76a6676ffd16979dd6

github.com/reactphp/http/pull/175

github.com/reactphp/http/releases/tag/v1.7.0

github.com/reactphp/http/security/advisories/GHSA-w3w9-vrf5-8mx8

launchpad.net/bugs/cve/CVE-2022-36032

nvd.nist.gov/vuln/detail/CVE-2022-36032

security-tracker.debian.org/tracker/CVE-2022-36032

www.cve.org/CVERecord?id=CVE-2022-36032

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

36.1%

JSON

Related for UB:CVE-2022-36032