Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-2756

Published: 29/04/2024 Updated: 08/05/2024

Vulnerability Summary

Due to an incomplete fix to CVE-2022-31629 github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. 

Vulnerability Trend

Mailing Lists

Full Disclosure: PHP security releases 8.1.28, 8.2.18, & 8.3.6
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> PHP security releases 8128, 8218, &amp; 836 <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Alan Coopersmit ...

References

https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4http://www.openwall.com/lists/oss-security/2024/04/12/11https://lists.debian.org/debian-lts-announce/2024/05/msg00005.htmlhttps://nvd.nist.govhttps://seclists.org/oss-sec/2024/q2/113
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
brute forceCVE-2024-24908open redirectCVE-2024-31497CVE-2023-45866CVE-2024-4135CVE-2024-25523cache poisoningCVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook