CVE-2020-7070

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.

References

https://bugs.php.net/bug.php?id=79699

http://cve.circl.lu/cve/CVE-2020-8184

https://hackerone.com/reports/895727

https://lists.fedoraproject.org/archives/list/[email protected]/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/

https://lists.debian.org/debian-lts-announce/2020/10/msg00008.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/

https://lists.fedoraproject.org/archives/list/[email protected]/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/

https://security.netapp.com/advisory/ntap-20201016-0001/

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html

https://usn.ubuntu.com/4583-1/

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html

https://security.gentoo.org/glsa/202012-16

https://www.debian.org/security/2021/dsa-4856

https://www.tenable.com/security/tns-2021-14

https://www.oracle.com/security-alerts/cpuoct2021.html

Details

Source: MITRE

Published: 2020-10-02

Updated: 2021-10-20

Type: CWE-565

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Configuration 6

OR

cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Tenable Plugins

View all (26 total)

IDNameProductFamilySeverity
152986Tenable SecurityCenter < 5.19.0 Multiple Vulnerabilities (TNS-2021-14)NessusMisc.
high
152348RHEL 7 : rh-php73-php (RHSA-2021:2992)NessusRed Hat Local Security Checks
medium
151985Tenable.sc < 5.19.0 Multiple Vulnerabilities (TNS-2021-14) (deprecated)NessusMisc.
high
150548SUSE SLES11 Security Update : php53 (SUSE-SU-2020:14516-1)NessusSuSE Local Security Checks
medium
147033EulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2021-1566)NessusHuawei Local Security Checks
medium
146613Debian DSA-4856-1 : php7.3 - security updateNessusDebian Local Security Checks
medium
144602GLSA-202012-16 : PHP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
143783SUSE SLES12 Security Update : php74 (SUSE-SU-2020:2896-1)NessusSuSE Local Security Checks
medium
143775SUSE SLES12 Security Update : php5 (SUSE-SU-2020:2894-1)NessusSuSE Local Security Checks
medium
143747SUSE SLES12 Security Update : php7 (SUSE-SU-2020:2920-1)NessusSuSE Local Security Checks
medium
143744SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:2997-1)NessusSuSE Local Security Checks
medium
143672SUSE SLES12 Security Update : php72 (SUSE-SU-2020:2943-1)NessusSuSE Local Security Checks
medium
143640SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:2941-1)NessusSuSE Local Security Checks
medium
142167EulerOS 2.0 SP8 : php (EulerOS-SA-2020-2316)NessusHuawei Local Security Checks
medium
142078openSUSE Security Update : php7 (openSUSE-2020-1767)NessusSuSE Local Security Checks
medium
141980Amazon Linux AMI : php72 (ALAS-2020-1440)NessusAmazon Linux Local Security Checks
medium
141936Ubuntu 20.10 : PHP vulnerabilities (USN-4583-2)NessusUbuntu Local Security Checks
medium
141662openSUSE Security Update : php7 (openSUSE-2020-1703)NessusSuSE Local Security Checks
medium
141355PHP 7.2 < 7.2.34 / 7.3.x < 7.3.23 / 7.4.x < 7.4.11 Mulitiple VulnerabilitiesNessusCGI abuses
medium
112604PHP 7.2.x < 7.2.34 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
medium
112603PHP 7.3.x < 7.3.23 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
medium
112602PHP 7.4.x < 7.4.11 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
medium
141299Fedora 33 : php (2020-4573f0e03a)NessusFedora Local Security Checks
medium
141296Fedora 32 : php (2020-4fe6b116e5)NessusFedora Local Security Checks
medium
141295Fedora 31 : php (2020-94763cb98b)NessusFedora Local Security Checks
medium
141247Debian DLA-2397-1 : php7.0 security updateNessusDebian Local Security Checks
medium