VULNERABILITY

Amazon Linux 2023: CVE-2024-2756: Important priority package update for php8.1 (Multiple Advisories)

Try Surface Command Get a continuous 360° view of your attack surface
Back to Search

Amazon Linux 2023: CVE-2024-2756: Important priority package update for php8.1 (Multiple Advisories)

Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
04/12/2024
Created
02/14/2025
Added
02/17/2025
Modified
02/17/2025

Description

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.  An improper input validation vulnerability was found in PHP. Due to an incomplete fix to CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser.

Solution(s)

  • amazon-linux-2023-upgrade-php8-1
  • amazon-linux-2023-upgrade-php8-1-bcmath
  • amazon-linux-2023-upgrade-php8-1-bcmath-debuginfo
  • amazon-linux-2023-upgrade-php8-1-cli
  • amazon-linux-2023-upgrade-php8-1-cli-debuginfo
  • amazon-linux-2023-upgrade-php8-1-common
  • amazon-linux-2023-upgrade-php8-1-common-debuginfo
  • amazon-linux-2023-upgrade-php8-1-dba
  • amazon-linux-2023-upgrade-php8-1-dba-debuginfo
  • amazon-linux-2023-upgrade-php8-1-dbg
  • amazon-linux-2023-upgrade-php8-1-dbg-debuginfo
  • amazon-linux-2023-upgrade-php8-1-debuginfo
  • amazon-linux-2023-upgrade-php8-1-debugsource
  • amazon-linux-2023-upgrade-php8-1-devel
  • amazon-linux-2023-upgrade-php8-1-embedded
  • amazon-linux-2023-upgrade-php8-1-embedded-debuginfo
  • amazon-linux-2023-upgrade-php8-1-enchant
  • amazon-linux-2023-upgrade-php8-1-enchant-debuginfo
  • amazon-linux-2023-upgrade-php8-1-ffi
  • amazon-linux-2023-upgrade-php8-1-ffi-debuginfo
  • amazon-linux-2023-upgrade-php8-1-fpm
  • amazon-linux-2023-upgrade-php8-1-fpm-debuginfo
  • amazon-linux-2023-upgrade-php8-1-gd
  • amazon-linux-2023-upgrade-php8-1-gd-debuginfo
  • amazon-linux-2023-upgrade-php8-1-gmp
  • amazon-linux-2023-upgrade-php8-1-gmp-debuginfo
  • amazon-linux-2023-upgrade-php8-1-intl
  • amazon-linux-2023-upgrade-php8-1-intl-debuginfo
  • amazon-linux-2023-upgrade-php8-1-ldap
  • amazon-linux-2023-upgrade-php8-1-ldap-debuginfo
  • amazon-linux-2023-upgrade-php8-1-mbstring
  • amazon-linux-2023-upgrade-php8-1-mbstring-debuginfo
  • amazon-linux-2023-upgrade-php8-1-mysqlnd
  • amazon-linux-2023-upgrade-php8-1-mysqlnd-debuginfo
  • amazon-linux-2023-upgrade-php8-1-odbc
  • amazon-linux-2023-upgrade-php8-1-odbc-debuginfo
  • amazon-linux-2023-upgrade-php8-1-opcache
  • amazon-linux-2023-upgrade-php8-1-opcache-debuginfo
  • amazon-linux-2023-upgrade-php8-1-pdo
  • amazon-linux-2023-upgrade-php8-1-pdo-debuginfo
  • amazon-linux-2023-upgrade-php8-1-pgsql
  • amazon-linux-2023-upgrade-php8-1-pgsql-debuginfo
  • amazon-linux-2023-upgrade-php8-1-process
  • amazon-linux-2023-upgrade-php8-1-process-debuginfo
  • amazon-linux-2023-upgrade-php8-1-pspell
  • amazon-linux-2023-upgrade-php8-1-pspell-debuginfo
  • amazon-linux-2023-upgrade-php8-1-snmp
  • amazon-linux-2023-upgrade-php8-1-snmp-debuginfo
  • amazon-linux-2023-upgrade-php8-1-soap
  • amazon-linux-2023-upgrade-php8-1-soap-debuginfo
  • amazon-linux-2023-upgrade-php8-1-tidy
  • amazon-linux-2023-upgrade-php8-1-tidy-debuginfo
  • amazon-linux-2023-upgrade-php8-1-xml
  • amazon-linux-2023-upgrade-php8-1-xml-debuginfo
  • amazon-linux-2023-upgrade-php8-1-zip
  • amazon-linux-2023-upgrade-php8-1-zip-debuginfo
  • amazon-linux-2023-upgrade-php8-2
  • amazon-linux-2023-upgrade-php8-2-bcmath
  • amazon-linux-2023-upgrade-php8-2-bcmath-debuginfo
  • amazon-linux-2023-upgrade-php8-2-cli
  • amazon-linux-2023-upgrade-php8-2-cli-debuginfo
  • amazon-linux-2023-upgrade-php8-2-common
  • amazon-linux-2023-upgrade-php8-2-common-debuginfo
  • amazon-linux-2023-upgrade-php8-2-dba
  • amazon-linux-2023-upgrade-php8-2-dba-debuginfo
  • amazon-linux-2023-upgrade-php8-2-dbg
  • amazon-linux-2023-upgrade-php8-2-dbg-debuginfo
  • amazon-linux-2023-upgrade-php8-2-debuginfo
  • amazon-linux-2023-upgrade-php8-2-debugsource
  • amazon-linux-2023-upgrade-php8-2-devel
  • amazon-linux-2023-upgrade-php8-2-embedded
  • amazon-linux-2023-upgrade-php8-2-embedded-debuginfo
  • amazon-linux-2023-upgrade-php8-2-enchant
  • amazon-linux-2023-upgrade-php8-2-enchant-debuginfo
  • amazon-linux-2023-upgrade-php8-2-ffi
  • amazon-linux-2023-upgrade-php8-2-ffi-debuginfo
  • amazon-linux-2023-upgrade-php8-2-fpm
  • amazon-linux-2023-upgrade-php8-2-fpm-debuginfo
  • amazon-linux-2023-upgrade-php8-2-gd
  • amazon-linux-2023-upgrade-php8-2-gd-debuginfo
  • amazon-linux-2023-upgrade-php8-2-gmp
  • amazon-linux-2023-upgrade-php8-2-gmp-debuginfo
  • amazon-linux-2023-upgrade-php8-2-intl
  • amazon-linux-2023-upgrade-php8-2-intl-debuginfo
  • amazon-linux-2023-upgrade-php8-2-ldap
  • amazon-linux-2023-upgrade-php8-2-ldap-debuginfo
  • amazon-linux-2023-upgrade-php8-2-mbstring
  • amazon-linux-2023-upgrade-php8-2-mbstring-debuginfo
  • amazon-linux-2023-upgrade-php8-2-mysqlnd
  • amazon-linux-2023-upgrade-php8-2-mysqlnd-debuginfo
  • amazon-linux-2023-upgrade-php8-2-odbc
  • amazon-linux-2023-upgrade-php8-2-odbc-debuginfo
  • amazon-linux-2023-upgrade-php8-2-opcache
  • amazon-linux-2023-upgrade-php8-2-opcache-debuginfo
  • amazon-linux-2023-upgrade-php8-2-pdo
  • amazon-linux-2023-upgrade-php8-2-pdo-debuginfo
  • amazon-linux-2023-upgrade-php8-2-pgsql
  • amazon-linux-2023-upgrade-php8-2-pgsql-debuginfo
  • amazon-linux-2023-upgrade-php8-2-process
  • amazon-linux-2023-upgrade-php8-2-process-debuginfo
  • amazon-linux-2023-upgrade-php8-2-pspell
  • amazon-linux-2023-upgrade-php8-2-pspell-debuginfo
  • amazon-linux-2023-upgrade-php8-2-snmp
  • amazon-linux-2023-upgrade-php8-2-snmp-debuginfo
  • amazon-linux-2023-upgrade-php8-2-soap
  • amazon-linux-2023-upgrade-php8-2-soap-debuginfo
  • amazon-linux-2023-upgrade-php8-2-sodium
  • amazon-linux-2023-upgrade-php8-2-sodium-debuginfo
  • amazon-linux-2023-upgrade-php8-2-tidy
  • amazon-linux-2023-upgrade-php8-2-tidy-debuginfo
  • amazon-linux-2023-upgrade-php8-2-xml
  • amazon-linux-2023-upgrade-php8-2-xml-debuginfo
  • amazon-linux-2023-upgrade-php8-2-zip
  • amazon-linux-2023-upgrade-php8-2-zip-debuginfo

References

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;