Lucene search
Redhat.comRH:CVE-2020-7070HistoryOct 06, 2020 - 9:20 p.m.
CVE-2020-7070
2020-10-0621:20:55
redhat.com
access.redhat.com
38
0.004 Low
EPSS
Percentile
75.1%
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
Related
nessus
nessus
SUSE SLES11 Security Update : php53 (SUSE-SU-2020:14516-1)
2021-06-10 00:00:00
Ubuntu 20.10 : PHP vulnerabilities (USN-4583-2)
2020-10-27 00:00:00
Amazon Linux AMI : php72 (ALAS-2020-1440)
2020-10-28 00:00:00
cvelist
cvelist
CVE-2020-7070 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent
2020-09-29 00:00:00
CVE-2020-8184
2020-06-19 00:00:00
alpinelinux
alpinelinux
CVE-2020-7070
2020-10-02 15:15:12
prion
prion
Information disclosure
2020-10-02 15:15:00
Input validation
2020-06-19 17:15:00
osv
osv
CVE-2020-7070
2020-10-02 15:15:12
BIT-php-2020-7070
2024-03-06 11:05:57
nvd
nvd
CVE-2020-7070
2020-10-02 15:15:12
CVE-2020-8184
2020-06-19 17:15:18
cve
cve
CVE-2020-7070
2020-10-02 15:15:12
CVE-2020-8184
2020-06-19 17:15:18
f5
f5
K11435435 : PHP vulnerability CVE-2020-7070
2020-10-22 00:00:00
debiancve
debiancve
CVE-2020-7070
2020-10-02 15:15:12
CVE-2020-8184
2020-06-19 17:15:18
ubuntucve
ubuntucve
CVE-2020-7070
2020-10-02 00:00:00
CVE-2020-8184
2020-06-19 00:00:00
friendsofphp
friendsofphp
amazon
amazon
Medium: php72, php73
2020-10-26 18:16:00
github
github
openvas
openvas
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-2316)
2020-11-02 00:00:00
Mageia: Security Advisory (MGASA-2020-0306)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2021-1566)
2021-03-05 00:00:00
hackerone
hackerone
mageia
mageia
Updated ruby-rack packages fix security vulnerability
2020-08-01 02:25:42
Updated php packages fix a security vulnerability
2020-10-16 20:04:43
ibm
ibm
Security Bulletin: Aspera on Cloud CVE-2020-8184
2020-09-28 20:47:48
redhatcve
redhatcve
CVE-2020-8184
2020-06-19 16:56:13
debian
debian
[SECURITY] [DLA 2397-1] php7.0 security update
2020-10-06 21:42:36
[SECURITY] [DLA 2275-1] ruby-rack security update
2020-07-10 19:56:49
[SECURITY] [DLA 3298-1] ruby-rack security update
2023-01-30 21:54:32
veracode
veracode
Insecure Cookie Parsing
2020-06-16 07:11:11
Cookie Injection
2020-10-02 06:07:42
rubygems
rubygems
Cookie Prefix Spoofing in CGI::Cookie.parse
2021-11-23 21:00:00
suse
suse
Security update for rubygem-rack (moderate)
2022-09-23 00:00:00
Security update for php7 (important)
2020-10-29 00:00:00
Security update for php7 (important)
2020-10-20 00:00:00
ubuntu
ubuntu
Rack vulnerabilities
2021-04-06 00:00:00
Rack vulnerabilities
2020-09-30 00:00:00
PHP vulnerabilities
2020-10-27 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package php7 version 7.2.34-alt1
2020-10-13 00:00:00
Security fix for the ALT Linux 9 package php7 version 7.3.23-alt1
2020-10-10 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: php-7.3.23-1.fc31
2020-10-07 20:45:40
[SECURITY] Fedora 33 Update: php-7.4.11-1.fc33
2020-10-04 00:16:01
[SECURITY] Fedora 32 Update: php-7.4.11-1.fc32
2020-10-07 20:37:09
gentoo
gentoo
PHP: Multiple vulnerabilities
2020-12-23 00:00:00
rocky
rocky
php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
redhat
redhat
(RHSA-2021:4213) Moderate: php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
(RHSA-2021:2992) Moderate: rh-php73-php security, bug fix, and enhancement update
2021-08-03 08:11:09
(RHSA-2020:4366) Important: Satellite 6.8 release
2020-10-27 12:45:25
oraclelinux
oraclelinux
php:7.4 security, bug fix, and enhancement update
2021-11-16 00:00:00
almalinux
almalinux
Moderate: php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00