A vulnerability was found in PHP due to the way PHP handles HTTP variable names. It interferes with HTTP variable names that clash with ones that have a specific semantic meaning. This vulnerability allows network and same-site attackers to set a standard insecure cookie in the victim’s browser, which is treated as a __Host- or __Secure- cookie by PHP applications, posing a threat to data integrity.

References

bugs.php.net/bug.php?id=81727

bugzilla.redhat.com/show_bug.cgi?id=2133687

nvd.nist.gov/vuln/detail/CVE-2022-31629

www.cve.org/CVERecord?id=CVE-2022-31629

cvelist 2

altlinux 3

nvd 2

osv 13

checkpoint_advisories 1

debiancve 2

cve 2

alpinelinux 2

ubuntucve 2

prion 1

veracode 1

githubexploit 1

cbl_mariner 1

nessus 66

openvas 29

vulnrichment 1

fedora 6

suse 2

slackware 2

cloudlinux 1

redhatcve 1

mageia 2

debian 3

gentoo 1

ubuntu 2

oraclelinux 4

freebsd 1

redhat 4

almalinux 4

rocky 2

ibm 1

hp 1

oracle 1

cvelist

CVE-2022-31629 $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

2022-09-28 00:00:00

CVE-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix

2024-04-29 03:34:16

altlinux

Security fix for the ALT Linux 10 package php8.0 version 8.0.24-alt1

2022-10-13 00:00:00

Security fix for the ALT Linux 10 package php8.1 version 8.1.11-alt1

2022-10-11 00:00:00

Security fix for the ALT Linux 10 package php8.2 version 8.1.11-alt1

2022-09-30 00:00:00

nvd

CVE-2022-31629

2022-09-28 23:15:10

CVE-2024-2756

2024-04-29 04:15:07

osv

CVE-2022-31629

2022-09-28 23:15:10

BIT-php-2022-31629

2024-03-06 11:03:40

BIT-php-2024-2756

2024-05-14 07:29:36

checkpoint_advisories

PHP Authentication Bypass (CVE-2022-31629)

2022-11-24 00:00:00

debiancve

CVE-2022-31629

2022-09-28 23:15:10

CVE-2024-2756

2024-04-29 04:15:07

cve

CVE-2022-31629

2022-09-28 23:15:10

CVE-2024-2756

2024-04-29 04:15:07

alpinelinux

CVE-2022-31629

2022-09-28 23:15:10

CVE-2024-2756

2024-04-29 04:15:07

ubuntucve

CVE-2022-31629

2022-09-28 00:00:00

CVE-2024-2756

2024-04-16 00:00:00

prion

Code injection

2022-09-28 23:15:00

veracode

Insecure Cookie

2022-09-30 11:10:30

githubexploit

Exploit for Improper Input Validation in Php

2022-10-07 08:15:23

cbl_mariner

CVE-2022-31629 affecting package php 7.4.14-3

2024-07-03 03:08:37

nessus

Amazon Linux 2 : php (ALASPHP8.0-2023-005)

2023-09-13 00:00:00

Fedora 35 : php (2022-afdea1c747)

2022-12-21 00:00:00

Fedora 36 : php (2022-0b77fbd9e7)

2022-12-23 00:00:00

openvas

PHP < 7.4.31, 8.0.x < 8.0.24, 8.1.x < 8.1.11 Security Update - Linux

2022-09-29 00:00:00

PHP 8.1.11 < 8.1.28, 8.2.x < 8.2.18, 8.3.x < 8.3.6 Security Update (GHSA-wpj3-hf5j-x4v4) - Windows

2024-04-15 00:00:00

Fedora: Security Advisory for php (FEDORA-2022-afdea1c747)

2022-10-08 00:00:00

vulnrichment

CVE-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix

2024-04-29 03:34:16

fedora

[SECURITY] Fedora 36 Update: php-8.1.11-1.fc36

2022-10-06 15:15:28

[SECURITY] Fedora 35 Update: php-8.0.24-1.fc35

2022-10-07 13:13:29

[SECURITY] Fedora 39 Update: php-8.2.18-1.fc39

2024-04-19 01:18:35

suse

Security update for php7 (moderate)

2022-11-01 00:00:00

Security update for php8 (important)

2022-10-19 00:00:00

slackware

[slackware-security] php

2022-09-30 18:00:43

[slackware-security] php

2024-04-12 19:36:41

cloudlinux

php: Fix of 2 CVEs

2024-05-09 18:56:08

redhatcve

CVE-2024-2756

2024-04-15 08:56:16

mageia

Updated php packages fix security vulnerability

2022-10-08 23:22:22

Updated php packages fix security vulnerabilities

2024-04-13 19:56:38

debian

[SECURITY] [DLA 3810-1] php7.3 security update

2024-05-07 23:30:41

[SECURITY] [DSA 5277-1] php7.4 security update

2022-11-13 18:52:43

[SECURITY] [DLA 3243-1] php7.3 security update

2022-12-15 18:33:17

gentoo

PHP: Multiple Vulnerabilities

2022-11-19 00:00:00

ubuntu

PHP vulnerabilities

2022-11-08 00:00:00

PHP vulnerabilities

2023-03-02 00:00:00

oraclelinux

php security update

2023-02-28 00:00:00

8.1 security update

2023-05-15 00:00:00

php:8.0 security update

2023-02-22 00:00:00

freebsd

php -- Multiple vulnerabilities

2024-04-11 00:00:00

redhat

(RHSA-2023:0965) Moderate: php security update

2023-02-28 07:53:30

(RHSA-2023:2417) Moderate: php:8.1 security update

2023-05-09 05:10:10

(RHSA-2023:2903) Moderate: php:7.4 security update

2023-05-16 05:57:44

almalinux

Moderate: php:8.0 security update

2023-02-21 00:00:00

Moderate: php:8.1 security update

2023-05-09 00:00:00

Moderate: php security update

2023-02-28 00:00:00

rocky

php security update

2023-04-06 15:53:36

php:8.0 security update

2023-02-22 01:08:53

ibm

Security Bulletin: Vulnerabilities in PHP may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2021-21703, CVE-2021-21708, CVE-2021-21707, CVE-2022-31629, CVE-2022-31628)

2022-12-16 17:01:05

HP Device Manager Security Updates

2023-04-13 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.006 Low

EPSS

Percentile

79.3%

JSON

Related for RH:CVE-2022-31629