vulnerability
Ubuntu: (Multiple Advisories) (CVE-2020-7070): PHP vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Oct 2, 2020 | Mar 9, 2021 | Apr 16, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Oct 2, 2020
Added
Mar 9, 2021
Modified
Apr 16, 2026
Description
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
Solutions
ubuntu-pro-upgrade-libapache2-mod-php5ubuntu-pro-upgrade-php5-cgiubuntu-pro-upgrade-php5-cliubuntu-pro-upgrade-php5-curlubuntu-pro-upgrade-php5-fpmubuntu-upgrade-libapache2-mod-php5ubuntu-upgrade-libapache2-mod-php7-0ubuntu-upgrade-libapache2-mod-php7-2ubuntu-upgrade-libapache2-mod-php7-4ubuntu-upgrade-php5-cgiubuntu-upgrade-php5-cliubuntu-upgrade-php5-curlubuntu-upgrade-php5-fpmubuntu-upgrade-php7-0-cgiubuntu-upgrade-php7-0-cliubuntu-upgrade-php7-0-curlubuntu-upgrade-php7-0-fpmubuntu-upgrade-php7-2-cgiubuntu-upgrade-php7-2-cliubuntu-upgrade-php7-2-curlubuntu-upgrade-php7-2-fpmubuntu-upgrade-php7-4-cgiubuntu-upgrade-php7-4-cliubuntu-upgrade-php7-4-curlubuntu-upgrade-php7-4-fpm
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.