vulnerability
Oracle Solaris 11: CVE-2020-7070 (11.4 SRU 28.82.3)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Oct 2, 2020 | Jan 19, 2021 | Feb 17, 2022 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Oct 2, 2020
Added
Jan 19, 2021
Modified
Feb 17, 2022
Description
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
Solution(s)
oracle-solaris-11-4-upgrade-web-php-73-7-3-23-11-4-28-0-1-82-2oracle-solaris-11-4-upgrade-web-php-74-7-4-11-11-4-28-0-1-82-2

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.