Published: 02/10/2020 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php
fedoraproject fedora 31
fedoraproject fedora 32
fedoraproject fedora 33
debian debian linux 9.0
debian debian linux 10.0
opensuse leap 15.1
opensuse leap 15.2
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 14.04
canonical ubuntu linux 20.04
canonical ubuntu linux 12.04
netapp clustered data ontap -
tenable tenable.sc

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service, information disclosure, cookie forgery or incorrect encryption For the stable distribution (buster), these problems have been fixed in version 7327-1~deb10u1 We recommend that you upgrade your php73 ...

In PHP versions 72x below 7234, 73x below 7323 and 74x below 7411, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used This can lead to both decreased security and incorrect encryption data (CVE-2020-7069) In PHP versions 72x below 7234, 73x below 7323 and 7 ...

Tenablesc leverages third-party software to help provide underlying functionality Multiple third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact of the ...

CWE-565 https://bugs.php.net/bug.php?id=79699 http://cve.circl.lu/cve/CVE-2020-8184 https://hackerone.com/reports/895727 https://lists.debian.org/debian-lts-announce/2020/10/msg00008.html https://security.netapp.com/advisory/ntap-20201016-0001/http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html https://usn.ubuntu.com/4583-1/http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html https://security.gentoo.org/glsa/202012-16 https://www.debian.org/security/2021/dsa-4856 https://www.tenable.com/security/tns-2021-14 https://www.oracle.com/security-alerts/cpuoct2021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/https://nvd.nist.gov https://www.debian.org/security/2021/dsa-4856

CVE-2020-7070

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect