SUSE: CVE-2024-11234: SUSE Linux Security Advisory

SUSE: CVE-2024-11234: SUSE Linux Security Advisory

Severity

6

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

11/24/2024

Created

01/04/2025

Added

01/03/2025

Modified

01/28/2025

Description

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.

Solution(s)

• suse-upgrade-apache2-mod_php7
• suse-upgrade-apache2-mod_php8
• suse-upgrade-php7
• suse-upgrade-php7-bcmath
• suse-upgrade-php7-bz2
• suse-upgrade-php7-calendar
• suse-upgrade-php7-cli
• suse-upgrade-php7-ctype
• suse-upgrade-php7-curl
• suse-upgrade-php7-dba
• suse-upgrade-php7-devel
• suse-upgrade-php7-dom
• suse-upgrade-php7-embed
• suse-upgrade-php7-enchant
• suse-upgrade-php7-exif
• suse-upgrade-php7-fastcgi
• suse-upgrade-php7-fileinfo
• suse-upgrade-php7-fpm
• suse-upgrade-php7-ftp
• suse-upgrade-php7-gd
• suse-upgrade-php7-gettext
• suse-upgrade-php7-gmp
• suse-upgrade-php7-iconv
• suse-upgrade-php7-intl
• suse-upgrade-php7-json
• suse-upgrade-php7-ldap
• suse-upgrade-php7-mbstring
• suse-upgrade-php7-mysql
• suse-upgrade-php7-odbc
• suse-upgrade-php7-opcache
• suse-upgrade-php7-openssl
• suse-upgrade-php7-pcntl
• suse-upgrade-php7-pdo
• suse-upgrade-php7-pgsql
• suse-upgrade-php7-phar
• suse-upgrade-php7-posix
• suse-upgrade-php7-readline
• suse-upgrade-php7-shmop
• suse-upgrade-php7-snmp
• suse-upgrade-php7-soap
• suse-upgrade-php7-sockets
• suse-upgrade-php7-sodium
• suse-upgrade-php7-sqlite
• suse-upgrade-php7-sysvmsg
• suse-upgrade-php7-sysvsem
• suse-upgrade-php7-sysvshm
• suse-upgrade-php7-test
• suse-upgrade-php7-tidy
• suse-upgrade-php7-tokenizer
• suse-upgrade-php7-xmlreader
• suse-upgrade-php7-xmlrpc
• suse-upgrade-php7-xmlwriter
• suse-upgrade-php7-xsl
• suse-upgrade-php7-zip
• suse-upgrade-php7-zlib
• suse-upgrade-php8
• suse-upgrade-php8-bcmath
• suse-upgrade-php8-bz2
• suse-upgrade-php8-calendar
• suse-upgrade-php8-cli
• suse-upgrade-php8-ctype
• suse-upgrade-php8-curl
• suse-upgrade-php8-dba
• suse-upgrade-php8-devel
• suse-upgrade-php8-dom
• suse-upgrade-php8-embed
• suse-upgrade-php8-enchant
• suse-upgrade-php8-exif
• suse-upgrade-php8-fastcgi
• suse-upgrade-php8-ffi
• suse-upgrade-php8-fileinfo
• suse-upgrade-php8-fpm
• suse-upgrade-php8-fpm-apache
• suse-upgrade-php8-ftp
• suse-upgrade-php8-gd
• suse-upgrade-php8-gettext
• suse-upgrade-php8-gmp
• suse-upgrade-php8-iconv
• suse-upgrade-php8-intl
• suse-upgrade-php8-ldap
• suse-upgrade-php8-mbstring
• suse-upgrade-php8-mysql
• suse-upgrade-php8-odbc
• suse-upgrade-php8-opcache
• suse-upgrade-php8-openssl
• suse-upgrade-php8-pcntl
• suse-upgrade-php8-pdo
• suse-upgrade-php8-pgsql
• suse-upgrade-php8-phar
• suse-upgrade-php8-posix
• suse-upgrade-php8-readline
• suse-upgrade-php8-shmop
• suse-upgrade-php8-snmp
• suse-upgrade-php8-soap
• suse-upgrade-php8-sockets
• suse-upgrade-php8-sodium
• suse-upgrade-php8-sqlite
• suse-upgrade-php8-sysvmsg
• suse-upgrade-php8-sysvsem
• suse-upgrade-php8-sysvshm
• suse-upgrade-php8-test
• suse-upgrade-php8-tidy
• suse-upgrade-php8-tokenizer
• suse-upgrade-php8-xmlreader
• suse-upgrade-php8-xmlwriter
• suse-upgrade-php8-xsl
• suse-upgrade-php8-zip
• suse-upgrade-php8-zlib

References

• https://attackerkb.com/topics/cve-2024-11234
• CVE - 2024-11234