Vulnerability Details : CVE-2020-7070
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
Vulnerability category: Input validation
Products affected by CVE-2020-7070
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
- cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
Threat overview for CVE-2020-7070
Top countries where our scanners detected CVE-2020-7070
Top open port discovered on systems with this issue
80
IPs affected by CVE-2020-7070 346,265
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2020-7070!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2020-7070
0.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-7070
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
3.9
|
1.4
|
NIST | |
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
2.8
|
1.4
|
PHP Group |
CWE ids for CVE-2020-7070
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: security@php.net (Secondary)
-
The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-7070
-
https://usn.ubuntu.com/4583-1/
USN-4583-1: PHP vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
https://www.debian.org/security/2021/dsa-4856
Debian -- Security Information -- DSA-4856-1 php7.3Third Party Advisory
-
https://www.tenable.com/security/tns-2021-14
[R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable®Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/
[SECURITY] Fedora 31 Update: php-7.3.23-1.fc31 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html
[security-announce] openSUSE-SU-2020:1703-1: important: Security updateMailing List;Third Party Advisory
-
https://security.gentoo.org/glsa/202012-16
PHP: Multiple vulnerabilities (GLSA 202012-16) — Gentoo securityThird Party Advisory
-
https://hackerone.com/reports/895727
#895727 Rack parses encoded cookie names allowing an attacker to send malicious `__Host-` and `__Secure-` prefixed cookiesExploit;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20201016-0001/
October 2020 PHP Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/10/msg00008.html
[SECURITY] [DLA 2397-1] php7.0 security updateMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/
[SECURITY] Fedora 33 Update: php-7.4.11-1.fc33 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
https://bugs.php.net/bug.php?id=79699
PHP :: Sec Bug #79699 :: PHP parses encoded cookie names so malicious `__Host-` cookies can be sentIssue Tracking;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html
[security-announce] openSUSE-SU-2020:1767-1: important: Security updateMailing List;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpuoct2021.html
Oracle Critical Patch Update Advisory - October 2021Not Applicable;Third Party Advisory
-
http://cve.circl.lu/cve/CVE-2020-8184
CVE-2020-8184 - A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2 - CVE-SearchThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/
[SECURITY] Fedora 32 Update: php-7.4.11-1.fc32 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
Jump to