Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-2756HistoryApr 29, 2024 - 4:15 a.m.
CVE-2024-2756
2024-04-2904:15:07
Debian Security Bug Tracker
security-tracker.debian.org
28
incomplete fix
insecure cookies
php applications
same-site attackers
github advisory
cve-2022-31629
network attackers
__host- cookie
__secure- cookie
unix
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
7.8
Confidence
Low
EPSS
0.006
Percentile
79.3%
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim’s browser which is treated as a __Host- or __Secure- cookie by PHP applications.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | php7.4 | < 7.4.33-1+deb11u5 | php7.4_7.4.33-1+deb11u5_all.deb |
| Debian | 12 | all | php8.2 | < 8.2.18-1~deb12u1 | php8.2_8.2.18-1~deb12u1_all.deb |
| Debian | 999 | all | php8.2 | < 8.2.18-1 | php8.2_8.2.18-1_all.deb |
| Debian | 13 | all | php8.2 | < 8.2.18-1 | php8.2_8.2.18-1_all.deb |
Related
cvelist
cvelist
openvas
openvas
PHP 8.1.11 < 8.1.28, 8.2.x < 8.2.18, 8.3.x < 8.3.6 Security Update (GHSA-wpj3-hf5j-x4v4) - Windows
2024-04-15 00:00:00
PHP 8.1.11 < 8.1.28, 8.2.x < 8.2.18, 8.3.x < 8.3.6 Security Update (GHSA-wpj3-hf5j-x4v4) - Linux
2024-04-15 00:00:00
openSUSE: Security Advisory for php8 (SUSE-SU-2024:1446-1)
2024-04-27 00:00:00
cve
cve
CVE-2024-2756
2024-04-29 04:15:07
CVE-2022-31629
2022-09-28 23:15:10
alpinelinux
alpinelinux
CVE-2024-2756
2024-04-29 04:15:07
CVE-2022-31629
2022-09-28 23:15:10
ubuntucve
ubuntucve
CVE-2024-2756
2024-04-16 00:00:00
CVE-2022-31629
2022-09-28 00:00:00
osv
osv
BIT-php-2024-2756
2024-05-14 07:29:36
Security update for php7
2024-06-17 07:30:42
BIT-php-2022-31629
2024-03-06 11:03:40
nvd
nvd
CVE-2024-2756
2024-04-29 04:15:07
CVE-2022-31629
2022-09-28 23:15:10
vulnrichment
vulnrichment
cloudlinux
cloudlinux
php: Fix of 2 CVEs
2024-05-09 18:56:08
nessus
nessus
CBL Mariner 2.0 Security Update: php (CVE-2024-2756)
2024-07-03 00:00:00
SUSE SLES12 Security Update : php74 (SUSE-SU-2024:1445-1)
2024-04-29 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2024:1444-1)
2024-04-29 00:00:00
redhatcve
redhatcve
CVE-2024-2756
2024-04-15 08:56:16
CVE-2022-31629
2022-10-13 14:29:56
debian
debian
[SECURITY] [DLA 3810-1] php7.3 security update
2024-05-07 23:30:41
[SECURITY] [DSA 5277-1] php7.4 security update
2022-11-13 18:52:43
[SECURITY] [DSA 5661-1] php8.2 security update
2024-04-15 19:27:08
fedora
fedora
[SECURITY] Fedora 39 Update: php-8.2.18-1.fc39
2024-04-19 01:18:35
[SECURITY] Fedora 38 Update: php-8.2.18-1.fc38
2024-04-19 02:53:20
[SECURITY] Fedora 40 Update: php-8.3.6-1.fc40
2024-04-19 21:43:53
slackware
slackware
[slackware-security] php
2024-04-12 19:36:41
[slackware-security] php
2022-09-30 18:00:43
mageia
mageia
Updated php packages fix security vulnerabilities
2024-04-13 19:56:38
Updated php packages fix security vulnerability
2022-10-08 23:22:22
redos
redos
ROS-20240730-07
2024-07-30 00:00:00
ROS-20240816-10
2024-08-16 00:00:00
prion
prion
Code injection
2022-09-28 23:15:00
debiancve
debiancve
CVE-2022-31629
2022-09-28 23:15:10
altlinux
altlinux
Security fix for the ALT Linux 10 package php8.0 version 8.0.24-alt1
2022-10-13 00:00:00
Security fix for the ALT Linux 10 package php8.2 version 8.1.11-alt1
2022-09-30 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 8.1.11-alt1
2022-10-11 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP Authentication Bypass (CVE-2022-31629)
2022-11-24 00:00:00
veracode
veracode
Insecure Cookie
2022-09-30 11:10:30
githubexploit
githubexploit
Exploit for Improper Input Validation in Php
2022-10-07 08:15:23
cbl_mariner
cbl_mariner
CVE-2022-31629 affecting package php 7.4.14-3
2024-09-30 03:52:42
CVE-2024-2756 affecting package php for versions less than 8.1.28-1
2024-05-06 17:48:02
freebsd
freebsd
php -- Multiple vulnerabilities
2024-04-11 00:00:00
suse
suse
Security update for php7 (moderate)
2022-11-01 00:00:00
Security update for php8 (important)
2022-10-19 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2024-04-29 00:00:00
PHP vulnerabilities
2024-05-02 00:00:00
PHP vulnerabilities
2022-11-08 00:00:00
gentoo
gentoo
PHP: Multiple Vulnerabilities
2022-11-19 00:00:00
PHP: Multiple Vulnerabilities
2024-08-12 00:00:00
almalinux
almalinux
Moderate: php security update
2023-02-28 00:00:00
Moderate: php:7.4 security update
2023-05-16 00:00:00
Moderate: php:8.0 security update
2023-02-21 00:00:00
redhat
redhat
(RHSA-2023:2903) Moderate: php:7.4 security update
2023-05-16 05:57:44
(RHSA-2023:0965) Moderate: php security update
2023-02-28 07:53:30
(RHSA-2023:2417) Moderate: php:8.1 security update
2023-05-09 05:10:10
oraclelinux
oraclelinux
php:8.0 security update
2023-02-22 00:00:00
php security update
2023-02-28 00:00:00
8.1 security update
2023-05-15 00:00:00
rocky
rocky
php:8.0 security update
2023-02-22 01:08:53
php security update
2023-04-06 15:53:36
ibm
ibm
hp
hp
HP Device Manager Security Updates
2023-04-13 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
7.8
Confidence
Low
EPSS
0.006
Percentile
79.3%
Related for DEBIANCVE:CVE-2024-2756