vulnerability
Huawei EulerOS: CVE-2020-7070: php security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Oct 2, 2020 | Nov 3, 2020 | Apr 1, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Oct 2, 2020
Added
Nov 3, 2020
Modified
Apr 1, 2026
Description
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
Solutions
huawei-euleros-2_0_sp8-upgrade-phphuawei-euleros-2_0_sp8-upgrade-php-clihuawei-euleros-2_0_sp8-upgrade-php-commonhuawei-euleros-2_0_sp8-upgrade-php-fpmhuawei-euleros-2_0_sp8-upgrade-php-gdhuawei-euleros-2_0_sp8-upgrade-php-ldaphuawei-euleros-2_0_sp8-upgrade-php-odbchuawei-euleros-2_0_sp8-upgrade-php-pdohuawei-euleros-2_0_sp8-upgrade-php-processhuawei-euleros-2_0_sp8-upgrade-php-recodehuawei-euleros-2_0_sp8-upgrade-php-soaphuawei-euleros-2_0_sp8-upgrade-php-xmlhuawei-euleros-2_0_sp8-upgrade-php-xmlrpc
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.