PT-2017-4184 · Php+2 · Php+2

Published

2017-07-10

Updated

2018-01-14

CVE-2016-10397

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.6.28 PHP versions 7.x prior to 7.0.13

Description The issue arises from incorrect handling of various URI components in the URL parser, which could allow attackers to bypass hostname-specific URL checks. This is demonstrated by inputs such as 'evil.example.com:80#@good.example.com/' and 'evil.example.com:80?@good.example.com/' to the parse url function. The vulnerability exists due to insufficient input validation in the PHP interpreter's parse url function, potentially allowing a remote attacker to substitute the displayed URL.

Recommendations For PHP versions prior to 5.6.28, update to version 5.6.28 or later. For PHP versions 7.x prior to 7.0.13, update to version 7.0.13 or later. As a temporary workaround, consider restricting the use of the parse url function until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2022-02562

CVE-2016-10397

DLA-1034-1

OPENSUSE-SU-2017_2337-1

SUSE-SU-2017:2303-1

SUSE-SU-2017:2317-1

SUSE-SU-2017:2522-1

SUSE-SU-2017_2303-1

SUSE-SU-2017_2317-1

USN-3382-1

USN-3382-2

Affected Products

Php

Suse

Ubuntu

PT-2017-4184 · Php+2 · Php+2

CVE-2016-10397

Weakness Enumeration

Related Identifiers

Affected Products

References · 115