CVE-2017-7189
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input.
El archivo main/streams/xp_socket.c en PHP versiones 7.x antes del 07-03-2017 analiza inapropiadamente las llamadas fsockopen, como por ejemplo interpretando fsockopen('127.0.0.1:80', 443) como si la dirección y el puerto fuera 127.0.0.1:80:443, que luego se trunca a 127.0.0.1:80. Este comportamiento presenta un riesgo de seguridad si el número de puerto proporcionado explícitamente (es decir, 443 en este ejemplo) está codificado en una aplicación como una política de seguridad, pero el argumento hostname (es decir, 127.0.0.1:80 en este ejemplo) es obtenido de una entrada no segura.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-03-20 CVE Reserved
- 2019-07-10 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a | 2019-07-17 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.0.0 < 7.0.16 Search vendor "Php" for product "Php" and version " >= 7.0.0 < 7.0.16" | - |
Affected
|