CVE-2020-7070 Information
Description
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host being confused with cookies whose names decode to such a prefix, thus allowing an attacker to forge a cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Reference
http://cve.circl.lu/cve/CVE-2020-8184
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html
https://bugs.php.net/bug.php?id=79699
https://hackerone.com/reports/895727
https://lists.debian.org/debian-lts-announce/2020/10/msg00008.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/
https://lists.fedoraproject.org/archives/list/[email protected]/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/
https://lists.fedoraproject.org/archives/list/[email protected]/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/
https://security.netapp.com/advisory/ntap-20201016-0001/
https://usn.ubuntu.com/4583-1/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
Base Score
5.3
Base Severity
MEDIUM