Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-9026

Опубликовано: 08 окт. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 3.3

Описание

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

not-affected

code not present
esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

DNE

trusty/esm

not-affected

code not present
upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

esm-infra/xenial

not-affected

code not present
focal

DNE

jammy

DNE

noble

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

not-affected

code not present
esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

not-affected

code not present
focal

not-affected

code not present
jammy

DNE

noble

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

released

8.1.2-1ubuntu2.19
noble

DNE

upstream

released

8.1.30

Показывать по

РелизСтатусПримечание
devel

released

8.3.11-0ubuntu0.24.10.2
esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

released

8.3.6-0ubuntu0.24.04.2
upstream

released

8.3.12

Показывать по

Ссылки на источники

EPSS

Процентиль: 3%
0.00018
Низкий

3.3 Low

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-9026

CVSS3: 3.3
redhat
8 месяцев назад

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.

nvd логотип

CVE-2024-9026

CVSS3: 3.3
nvd
8 месяцев назад

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.

msrc логотип

CVE-2024-9026

CVSS3: 3.3
msrc
8 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-9026

CVSS3: 3.3
debian
8 месяцев назад

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...

github логотип

GHSA-865w-9rf3-2wh5

CVSS3: 3.3
github
9 месяцев назад

[PHP-FPM] Logs from childrens may be altered

EPSS

Процентиль: 3%
0.00018
Низкий

3.3 Low

CVSS3