Executive Summary

Information
Name : CVE-2017-7189
Vendor : Cve
First vendor Publication : 2019-07-10
Last vendor Modification : 2019-07-17

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score : 5
Cvss Impact Score : 2.9
Cvss Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required

Detail

main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input.
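
The risk described above arises when the host argument comes from untrusted input while the port is fixed by policy. The following is an added example, not code from PHP or from this page; `normalize_untrusted_host` and `open_on_fixed_port` are hypothetical helper names, and the sample inputs are constructed. It rejects any host string that carries its own port or transport prefix before the value reaches `fsockopen`:

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not part of PHP or of any project.
// Accept only a bare host so the hardcoded port is the only port in play.
function normalize_untrusted_host(string $host): ?string
{
    $host = trim($host);

    // IPv6 literal, bracketed or not: validate the address, then return it
    // in the bracketed form fsockopen() expects.
    $inner = $host;
    if (strlen($host) > 2 && $host[0] === '[' && substr($host, -1) === ']') {
        $inner = substr($host, 1, -1);
    }
    if (filter_var($inner, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false) {
        return '[' . $inner . ']';
    }

    // Any other ':' means an embedded port or a transport prefix, e.g.
    // "127.0.0.1:80" from the CVE description or "tcp://host".
    if (strpos($host, ':') !== false) {
        return null;
    }
    if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        return $host;
    }
    $ok = filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME);
    return $ok === false ? null : $host;
}

// Connect to an untrusted host on a port fixed by application policy.
function open_on_fixed_port(string $untrustedHost, int $port, float $timeout = 5.0)
{
    $host = normalize_untrusted_host($untrustedHost);
    if ($host === null) {
        throw new InvalidArgumentException('host contains a port, scheme or invalid characters');
    }
    return fsockopen($host, $port, $errno, $errstr, $timeout);
}

// Constructed sample inputs; only the validator runs, so nothing connects.
foreach (['127.0.0.1', '127.0.0.1:80', 'example.org', 'example.org:8080',
          '::1', '[::1]:80', 'tcp://127.0.0.1'] as $candidate) {
    $result = normalize_untrusted_host($candidate);
    printf("%-18s => %s\n", $candidate, $result ?? 'REJECTED');
}
```

Validation of this kind complements, and does not replace, running a PHP build that includes the fix referenced under Sources.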

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7189

CWE : Common Weakness Enumeration

% : 100 %
id : CWE-20
Name : Improper Input Validation

CPE : Common Platform Enumeration

Type : Application
Count : 44

Sources (Detail)

Source : MISC
Url : https://bugs.php.net/bug.php?id=74192
Url : https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a

Alert History

Date : Information
2019-07-17 21:19:29
  • Multiple Updates
2019-07-10 21:19:24
  • First insertion