跳转到帖子

Ubuntu: (Multiple Advisories) (CVE-2024-11234): PHP vulnerabilities

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Ubuntu: (Multiple Advisories) (CVE-2024-11234): PHP vulnerabilities

Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
11/24/2024
Created
12/17/2024
Added
12/16/2024
Modified
01/31/2025

Description

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.

Solution(s)

  • ubuntu-pro-upgrade-libapache2-mod-php7-0
  • ubuntu-pro-upgrade-libapache2-mod-php7-4
  • ubuntu-pro-upgrade-libapache2-mod-php8-0
  • ubuntu-pro-upgrade-libapache2-mod-php8-1
  • ubuntu-pro-upgrade-libapache2-mod-php8-3
  • ubuntu-pro-upgrade-php7-0
  • ubuntu-pro-upgrade-php7-0-cgi
  • ubuntu-pro-upgrade-php7-0-cli
  • ubuntu-pro-upgrade-php7-0-ldap
  • ubuntu-pro-upgrade-php7-0-mysql
  • ubuntu-pro-upgrade-php7-4
  • ubuntu-pro-upgrade-php7-4-cgi
  • ubuntu-pro-upgrade-php7-4-cli
  • ubuntu-pro-upgrade-php7-4-fpm
  • ubuntu-pro-upgrade-php7-4-mysql
  • ubuntu-pro-upgrade-php8-1
  • ubuntu-pro-upgrade-php8-1-cgi
  • ubuntu-pro-upgrade-php8-1-cli
  • ubuntu-pro-upgrade-php8-1-enchant
  • ubuntu-pro-upgrade-php8-1-fpm
  • ubuntu-pro-upgrade-php8-1-mysql
  • ubuntu-pro-upgrade-php8-3
  • ubuntu-pro-upgrade-php8-3-cgi
  • ubuntu-pro-upgrade-php8-3-cli
  • ubuntu-pro-upgrade-php8-3-fpm
  • ubuntu-pro-upgrade-php8-3-mysql

References

  • https://attackerkb.com/topics/cve-2024-11234
  • CVE - 2024-11234
  • USN-7157-1
  • USN-7157-2
  • USN-7157-3
  • 引用
  • Mention
    • 查看数 695
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表