Korean
<< Back
VID 210276
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The version of PHP installed on the remote host is prior to 8.2.18. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.18 advisory.

- In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. (CVE-2022-31629)

* References:
http://php.net/ChangeLog-8.php#8.2.18

* Platforms Affected:
PHP Prior to 8.2.18
Any operating system Any version
Recommendation Upgrade to the latest version of PHP (8.2.18 or later), available from the PHP web site at http://www.php.net/downloads.php
Related URL CVE-2022-31629,CVE-2024-1874,CVE-2024-2756,CVE-2024-3096 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)