Количество 16
Количество 16
CVE-2024-11234
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.
CVE-2024-11234
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.
CVE-2024-11234
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.
CVE-2024-11234
CVE-2024-11234
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ...
GHSA-c5f2-jwm7-mmq2
Configuring a proxy in a stream context might allow for CRLF injection in URIs
BDU:2024-10555
Уязвимость конфигурации request_fulluri интерпретатора языка программирования PHP, позволяющая нарушителю отправить скрытый HTTP-запрос (атака типа HTTP Request Smuggling)
SUSE-SU-2024:4215-1
Security update for php8
SUSE-SU-2024:4146-1
Security update for php7
SUSE-SU-2024:4136-1
Security update for php8
ELSA-2025-7432
ELSA-2025-7432: php:8.2 security update (MODERATE)
ELSA-2025-4263
ELSA-2025-4263: php:8.1 security update (MODERATE)
ELSA-2025-7315
ELSA-2025-7315: php security update (MODERATE)
ROS-20250115-05
Множественные уязвимости PHP 8.3
ROS-20250115-04
Множественные уязвимости PHP 8.2
ROS-20250115-03
Множественные уязвимости PHP 8.1
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-11234 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user. | CVSS3: 4.8 | 0% Низкий | 7 месяцев назад |
 | CVE-2024-11234 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user. | CVSS3: 4.8 | 0% Низкий | 7 месяцев назад |
 | CVE-2024-11234 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user. | CVSS3: 4.8 | 0% Низкий | 7 месяцев назад |
 | CVSS3: 7.2 | 0% Низкий | 6 месяцев назад | |
| CVE-2024-11234 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before ... | CVSS3: 4.8 | 0% Низкий | 7 месяцев назад |
| GHSA-c5f2-jwm7-mmq2 Configuring a proxy in a stream context might allow for CRLF injection in URIs | 0% Низкий | 7 месяцев назад | |
 | BDU:2024-10555 Уязвимость конфигурации request_fulluri интерпретатора языка программирования PHP, позволяющая нарушителю отправить скрытый HTTP-запрос (атака типа HTTP Request Smuggling) | CVSS3: 4.8 | 0% Низкий | 7 месяцев назад |
 | SUSE-SU-2024:4215-1 Security update for php8 | 7 месяцев назад | ||
| SUSE-SU-2024:4146-1 Security update for php7 | 7 месяцев назад | ||
| SUSE-SU-2024:4136-1 Security update for php8 | 7 месяцев назад | ||
| ELSA-2025-7432 ELSA-2025-7432: php:8.2 security update (MODERATE) | 29 дней назад | ||
| ELSA-2025-4263 ELSA-2025-4263: php:8.1 security update (MODERATE) | около 2 месяцев назад | ||
| ELSA-2025-7315 ELSA-2025-7315: php security update (MODERATE) | около 1 месяца назад | ||
 | ROS-20250115-05 Множественные уязвимости PHP 8.3 | CVSS3: 9.8 | 5 месяцев назад | |
| ROS-20250115-04 Множественные уязвимости PHP 8.2 | CVSS3: 9.8 | 5 месяцев назад | |
| ROS-20250115-03 Множественные уязвимости PHP 8.1 | CVSS3: 9.8 | 5 месяцев назад |
Уязвимостей на страницу