{
  "threat_severity" : "Moderate",
  "public_date" : "2024-04-12T00:00:00Z",
  "bugzilla" : {
    "description" : "php: host/secure cookie bypass due to partial CVE-2022-31629 fix",
    "id" : "2275058",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2275058"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "Due to an incomplete fix for CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser that PHP applications then treat as a __Host- or __Secure- cookie.", "An improper input validation vulnerability was found in PHP. Due to an incomplete fix for CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser." ],
  "statement" : "The vulnerability in PHP, where an insecure cookie is misinterpreted as a __Host- or __Secure- cookie due to the incomplete fix for CVE-2022-31629, poses a moderate severity risk. While it allows attackers to set cookies with misleading prefixes, bypassing some cookie security measures, it does not directly enable remote code execution or privilege escalation. However, it can facilitate session hijacking or unauthorized access to certain web applications, potentially compromising user data or functionality. Additionally, its impact is limited to PHP applications that rely on cookie prefixes for security, which limits its overall severity relative to more serious vulnerabilities.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10951",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "php:8.2-8100020241112130045.f7998665"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10952",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "php:7.4-8100020241113075828.f7998665"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10949",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "php:8.2-9050020241112094217.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-12-11T00:00:00Z",
    "advisory" : "RHSA-2024:10950",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "php:8.1-9050020241112144108.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:7315",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "php-0:8.0.30-2.el9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "php:8.0/php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-2756\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2756\nhttps://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4" ],
  "name" : "CVE-2024-2756",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria of ease of use and deployment, applicability to a widespread installation base, and stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}