exploitDog

CVE-2025-1734

Published: 30 Mar 2025
Source: redhat
CVSS3: 3.7

Description

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.

A flaw was found in PHP. This vulnerability allows applications to accept invalid headers via malformed HTTP headers missing a colon (:), which may confuse applications into processing them as valid headers.
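
An application-side check for the condition described above, as an added example that is not part of the advisory or of PHP itself: it validates header lines in the shape of `$http_response_header` before the application trusts them. The function name and the sample lines are assumptions constructed for illustration; the field-name test follows the RFC 9110 token grammar, so it also rejects names containing whitespace, which goes slightly beyond the missing-colon case.

```php
<?php
declare(strict_types=1);

/**
 * Return the response header lines that are not valid HTTP field lines.
 * $lines has the shape of $http_response_header: one status line per
 * response (several when redirects were followed), then "Name: value" lines.
 * Hypothetical helper, not a PHP built-in.
 */
function invalid_header_lines(array $lines): array
{
    // Field name must be an RFC 9110 token immediately followed by a colon.
    $fieldLine  = '/^[!#$%&\'*+\-.^_`|~0-9A-Za-z]+:[ \t]*[^\r\n]*$/D';
    // Status line, e.g. "HTTP/1.1 200 OK" (the reason phrase may be absent).
    $statusLine = '/^HTTP\/\d+(?:\.\d+)? \d{3}(?: [^\r\n]*)?$/D';

    $bad = [];
    foreach ($lines as $i => $line) {
        if (preg_match($statusLine, $line) === 1 || preg_match($fieldLine, $line) === 1) {
            continue;
        }
        $bad[$i] = $line; // keep the original index for logging
    }
    return $bad;
}

// Constructed sample, not captured traffic: what an affected PHP build
// could hand to the application after a request through the HTTP wrapper.
$sample = [
    'HTTP/1.1 200 OK',
    'Content-Type: text/plain',
    'X-Frame-Options DENY',   // no colon: must not be treated as a header
    'Bad Name: value',        // whitespace inside the field name
    'Content-Length: 5',
];

$bad = invalid_header_lines($sample);
foreach ($bad as $i => $line) {
    echo "invalid header line {$i}: {$line}\n";
}
echo $bad === [] ? "headers ok\n" : "response rejected\n";
```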

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | php | Out of support scope | | |
| Red Hat Enterprise Linux 7 | php | Out of support scope | | |
| Red Hat Enterprise Linux 8 | php:7.4/php | Affected | | |
| Red Hat Enterprise Linux 8 | php:8.2/php | Affected | | |
| Red Hat Enterprise Linux 10 | php | Fixed | RHSA-2025:7489 | 13.05.2025 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2025:4263 | 28.04.2025 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2025:7418 | 13.05.2025 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2025:7431 | 13.05.2025 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2025:7432 | 13.05.2025 |

Additional information

Status: Moderate
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2356042 php: Streams HTTP wrapper does not fail for headers with invalid name and no colon

3.7 Low

CVSS3

Related vulnerabilities

ubuntu
3 months ago

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.

nvd
3 months ago

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.

msrc
3 months ago

No description available

debian
3 months ago

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...

github
3 months ago

Streams HTTP wrapper does not fail for headers with invalid name and no colon
