Lucene search
Redhat.comRH:CVE-2017-7189HistoryDec 28, 2019 - 3:32 a.m.
CVE-2017-7189
2019-12-2803:32:57
redhat.com
access.redhat.com
10
EPSS
0.002
Percentile
55.1%
main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen(‘127.0.0.1:80’, 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input.
Related
ubuntucve
ubuntucve
CVE-2017-7189
2019-07-10 00:00:00
nvd
nvd
CVE-2017-7189
2019-07-10 15:15:11
hackerone
hackerone
Internet Bug Bounty: Inappropriate URL parsing may cause security risk!
2018-01-17 17:30:00
debiancve
debiancve
CVE-2017-7189
2019-07-10 15:15:11
openvas
openvas
PHP 'CVE-2017-7189' Improper Input Validation Vulnerability - Linux
2020-08-17 00:00:00
PHP 'CVE-2017-7189' Improper Input Validation Vulnerability - Windows
2020-08-17 00:00:00
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1542)
2020-04-30 00:00:00
cve
cve
CVE-2017-7189
2019-07-10 15:15:11
cvelist
cvelist
CVE-2017-7189
2019-07-10 14:41:35
prion
prion
Hardcoded credentials
2019-07-10 15:15:00
osv
osv
CVE-2017-7189
2019-07-10 15:15:11
nessus
nessus
EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2020-1542)
2020-05-01 00:00:00
RHEL 7 : php (Unpatched Vulnerability)
2024-07-12 00:00:00
RHEL 8 : php (Unpatched Vulnerability)
2024-07-12 00:00:00