Server-side request forgery in PHP - CVE-2017-7272
Published: June 30, 2017 / Updated: July 3, 2017
Vulnerability identifier: #VU7273
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2017-7272
CWE-ID: CWE-918
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: PHP Group
Affected software:
PHP
PHP
Detailed vulnerability description
The vulnerability allows a remote user to perform SSRF attack.
The weakness exists due to a flaw in the fsockopen() function. A remote attacker can use fsockopen hostname argument to cause the system to accept it with an expectation that the port number is constrained and perform server-sire request forgery attack.
Successful exploitation of this vulnerability may allow an attacker to perform SSRF attack to retrieve information for further attacks against vulnerable system by performing unauthorized connections to local resources, gain access to sensitive information and compromise vulnerable system.
The weakness exists due to a flaw in the fsockopen() function. A remote attacker can use fsockopen hostname argument to cause the system to accept it with an expectation that the port number is constrained and perform server-sire request forgery attack.
Successful exploitation of this vulnerability may allow an attacker to perform SSRF attack to retrieve information for further attacks against vulnerable system by performing unauthorized connections to local resources, gain access to sensitive information and compromise vulnerable system.
How to mitigate CVE-2017-7272
Update to version 7.1.3.