admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-112xx/CVE-2024-11234.json
cad-safe-bot a7b01566d8 Auto-Update: 2024-11-26T21:01:59.977631+00:00
2024-11-26 21:05:12 +00:00

127 lines
4.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-11234",
"sourceIdentifier": "security@php.net",
"published": "2024-11-24T01:15:03.987",
"lastModified": "2024-11-26T19:06:10.243",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and \"request_fulluri\" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user."
},
{
"lang": "es",
"value": "En las versiones de PHP 8.1.* anteriores a 8.1.31, 8.2.* anteriores a 8.2.26, 8.3.* anteriores a 8.3.14, cuando se utilizan flujos con proxy configurado y la opci\u00f3n \"request_fulluri\", la URI no se desinfecta correctamente, lo que puede provocar contrabando de solicitudes HTTP y permitir que el atacante use el proxy para realizar solicitudes HTTP arbitrarias que se originan en el servidor, obteniendo as\u00ed potencialmente acceso a recursos que normalmente no est\u00e1n disponibles para el usuario externo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@php.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@php.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.31",
"matchCriteriaId": "CE6E1B68-3EB9-4C67-97A6-226EA02CC2EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
"versionEndExcluding": "8.2.26",
"matchCriteriaId": "C160D91A-CF97-4DD1-A34F-8B8C852B3CEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.3.0",
"versionEndExcluding": "8.3.14",
"matchCriteriaId": "35B1BA7F-0EAE-4F40-ACA4-EBC5D63F609A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2",
"source": "security@php.net",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink