Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU67756
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-31629
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
php-embedded: before 8.0.28-1
php-soap: before 8.0.28-1
php-debugsource: before 8.0.28-1
php-gmp: before 8.0.28-1
php-pdo: before 8.0.28-1
php-intl: before 8.0.28-1
php-devel: before 8.0.28-1
php-opcache: before 8.0.28-1
php-ldap: before 8.0.28-1
php-dbg: before 8.0.28-1
php-bcmath: before 8.0.28-1
php-help: before 8.0.28-1
php-debuginfo: before 8.0.28-1
php-fpm: before 8.0.28-1
php-cli: before 8.0.28-1
php-common: before 8.0.28-1
php-tidy: before 8.0.28-1
php-dba: before 8.0.28-1
php-process: before 8.0.28-1
php-mbstring: before 8.0.28-1
php-gd: before 8.0.28-1
php-xml: before 8.0.28-1
php-pgsql: before 8.0.28-1
php-ffi: before 8.0.28-1
php-snmp: before 8.0.28-1
php-mysqlnd: before 8.0.28-1
php-odbc: before 8.0.28-1
php-enchant: before 8.0.28-1
php: before 8.0.28-1
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1273
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.