PT-2020-5866 · Php+9

Published: 2020-04-27 · Updated: 2025-08-11 · CVE-2020-7070

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions:
PHP versions 7.2.x through 7.2.33
PHP versions 7.3.x through 7.3.22
PHP versions 7.4.x through 7.4.10

Description: The issue is in how PHP processes incoming HTTP cookies: cookie names are url-decoded. As a result, a cookie with a prefix like __Host can be confused with a cookie whose name only decodes to that prefix, allowing an attacker to forge a cookie that is supposed to be secure.

Recommendations:
For PHP versions 7.2.x through 7.2.33, update to version 7.2.34 or later.
For PHP versions 7.3.x through 7.3.22, update to version 7.3.23 or later.
For PHP versions 7.4.x through 7.4.10, update to version 7.4.11 or later.
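
A check an application can run while it is still on an affected PHP build, as an added example that is not part of the original advisory or of PHP's own code: it scans the raw Cookie header for names that do not literally carry a guarded prefix but url-decode to one. The function name, the `__Secure-` entry, the sample header and the reject-with-400 policy are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Cookie name prefixes that browsers only accept under strict conditions
// (Secure attribute; for __Host- also Path=/ and no Domain attribute).
const GUARDED_PREFIXES = ['__Host-', '__Secure-'];

/**
 * Hypothetical helper: return the raw cookie names in a Cookie header that
 * url-decode to a guarded prefix without literally carrying it.
 * Affected PHP versions url-decode cookie names, so such a name ends up in
 * $_COOKIE under the guarded name.
 */
function find_smuggled_prefix_cookies(string $rawCookieHeader): array
{
    $suspicious = [];
    foreach (explode(';', $rawCookieHeader) as $pair) {
        // Split on the first '=' only; the value may itself contain '='.
        $rawName = trim(explode('=', $pair, 2)[0]);
        if ($rawName === '') {
            continue;
        }
        $decoded = urldecode($rawName);
        if ($decoded === $rawName) {
            continue; // nothing encoded: not the confusion described here
        }
        foreach (GUARDED_PREFIXES as $prefix) {
            // Compared case-insensitively to stay on the conservative side.
            if (strncasecmp($decoded, $prefix, strlen($prefix)) === 0) {
                $suspicious[] = $rawName;
                break;
            }
        }
    }
    return $suspicious;
}

// Constructed sample header: one genuine __Host- cookie, one encoded look-alike.
$sample = '__Host-session=abc123; theme=dark; %5F%5FHost-session=forged';
print_r(find_smuggled_prefix_cookies($sample));

// In a request handler on an unpatched build (assumed policy: reject):
// if (find_smuggled_prefix_cookies($_SERVER['HTTP_COOKIE'] ?? '') !== []) {
//     http_response_code(400);
//     exit;
// }
```

The check is a stopgap for hosts that cannot be upgraded yet; the versions listed under Recommendations remove the need for it.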

Weakness Enumeration

Related Identifiers

ALSA-2021:4213
ALT-PU-2020-2960
ALT-PU-2020-3009
ALT-PU-2021-3079
BDU:2021-01913
BIT-LIBPHP-2020-7070
BIT-PHP-2020-7070
BIT-PHP-MIN-2020-7070
CESA-2021_4213
CVE-2020-7070
DLA-2397-1
DSA-4856-1
MGASA-2020-0387
OESA-2021-1056
OESA-2021-1065
OPENSUSE-SU-2020:1703-1
OPENSUSE-SU-2020:1767-1
OPENSUSE-SU-2020_1703-1
OPENSUSE-SU-2020_1767-1
OPENSUSE-SU-2022_4067-1
OPENSUSE-SU-2022_4069-1
RHSA-2021:2992
RHSA-2021:4213
RHSA-2021_4213
RLSA-2021:4213
SUSE-SU-2020:14516-1
SUSE-SU-2020:2894-1
SUSE-SU-2020:2896-1
SUSE-SU-2020:2920-1
SUSE-SU-2020:2941-1
SUSE-SU-2020:2943-1
SUSE-SU-2020:2997-1
SUSE-SU-2020_14516-1
SUSE-SU-2020_2894-1
SUSE-SU-2020_2920-1
SUSE-SU-2022:4067-1
SUSE-SU-2022:4068-1
SUSE-SU-2022:4069-1
USN-4583-1
USN-4583-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
PHP
Red Hat
Rocky Linux
SUSE
Ubuntu