CVE-2024-11234

Published Nov 24, 2024

Last updated 3 months ago

CVSS medium 4.8

Overview

Description: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.
Source: security@php.net
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.2
Impact score: 2.7
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Severity: HIGH

Weaknesses

security@php.net: CWE-20
nvd@nist.gov: CWE-74

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE6E1B68-3EB9-4C67-97A6-226EA02CC2EA",
            "versionEndExcluding": "8.1.31",
            "versionStartIncluding": "8.1.0"
          },
          {
            "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C160D91A-CF97-4DD1-A34F-8B8C852B3CEC",
            "versionEndExcluding": "8.2.26",
            "versionStartIncluding": "8.2.0"
          },
          {
            "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35B1BA7F-0EAE-4F40-ACA4-EBC5D63F609A",
            "versionEndExcluding": "8.3.14",
            "versionStartIncluding": "8.3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References