Количество 23
Количество 23
BDU:2024-07679
Уязвимость сценария cgi.force_redirect интерпретатора языка программирования PHP, позволяющая нарушителю обойти существующие ограничения безопасности
ROS-20241015-15
Множественные уязвимости php
ROS-20241015-14
Множественные уязвимости php
ROS-20241015-11
Множественные уязвимости php
CVE-2024-8927
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.
CVE-2024-8927
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.
CVE-2024-8927
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.
CVE-2024-8927
CVE-2024-8927
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...
GHSA-94p6-54jq-9mwp
cgi.force_redirect configuration is bypassable due to the environment variable collision
SUSE-SU-2024:3733-1
Security update for php7
SUSE-SU-2024:3732-1
Security update for php74
SUSE-SU-2024:3729-1
Security update for php8
SUSE-SU-2024:3664-1
Security update for php8
RLSA-2024:10951
Moderate: php:8.2 security update
RLSA-2024:10950
Moderate: php:8.1 security update
RLSA-2024:10949
Moderate: php:8.2 security update
ELSA-2024-10951
ELSA-2024-10951: php:8.2 security update (MODERATE)
ELSA-2024-10950
ELSA-2024-10950: php:8.1 security update (MODERATE)
ELSA-2024-10949
ELSA-2024-10949: php:8.2 security update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2024-07679 Уязвимость сценария cgi.force_redirect интерпретатора языка программирования PHP, позволяющая нарушителю обойти существующие ограничения безопасности | CVSS3: 9.8 | 0% Низкий | больше 1 года назад |
 | ROS-20241015-15 Множественные уязвимости php | CVSS3: 9.8 | больше 1 года назад | |
| ROS-20241015-14 Множественные уязвимости php | CVSS3: 9.8 | больше 1 года назад | |
| ROS-20241015-11 Множественные уязвимости php | CVSS3: 9.8 | больше 1 года назад | |
 | CVE-2024-8927 In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
 | CVE-2024-8927 In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
 | CVE-2024-8927 In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
 | CVSS3: 7.5 | 0% Низкий | около 1 года назад | |
| CVE-2024-8927 In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ... | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
| GHSA-94p6-54jq-9mwp cgi.force_redirect configuration is bypassable due to the environment variable collision | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
 | SUSE-SU-2024:3733-1 Security update for php7 | больше 1 года назад | ||
| SUSE-SU-2024:3732-1 Security update for php74 | больше 1 года назад | ||
| SUSE-SU-2024:3729-1 Security update for php8 | больше 1 года назад | ||
| SUSE-SU-2024:3664-1 Security update for php8 | больше 1 года назад | ||
 | RLSA-2024:10951 Moderate: php:8.2 security update | около 1 года назад | ||
| RLSA-2024:10950 Moderate: php:8.1 security update | около 1 года назад | ||
| RLSA-2024:10949 Moderate: php:8.2 security update | около 1 года назад | ||
| ELSA-2024-10951 ELSA-2024-10951: php:8.2 security update (MODERATE) | около 1 года назад | ||
| ELSA-2024-10950 ELSA-2024-10950: php:8.1 security update (MODERATE) | около 1 года назад | ||
| ELSA-2024-10949 ELSA-2024-10949: php:8.2 security update (MODERATE) | около 1 года назад |
Уязвимостей на страницу