Lucene search
Alpine Linux Development TeamALPINE:CVE-2020-7070HistoryOct 02, 2020 - 3:15 p.m.
CVE-2020-7070
2020-10-0215:15:00
Alpine Linux Development Team
security.alpinelinux.org
23
0.004 Low
EPSS
Percentile
74.9%
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.12-community | noarch | php7 | < 7.3.23-r0 | UNKNOWN |
| Alpine | 3.13-community | noarch | php7 | < 7.4.11-r0 | UNKNOWN |
| Alpine | 3.14-community | noarch | php7 | < 7.4.11-r0 | UNKNOWN |
| Alpine | 3.15-community | noarch | php7 | < 7.4.11-r0 | UNKNOWN |
Related
f5
f5
K11435435 : PHP vulnerability CVE-2020-7070
2020-10-22 00:00:00
osv
osv
CVE-2020-7070
2020-10-02 15:15:12
BIT-php-2020-7070
2024-03-06 11:05:57
prion
prion
Information disclosure
2020-10-02 15:15:00
Input validation
2020-06-19 17:15:00
debiancve
debiancve
CVE-2020-7070
2020-10-02 15:15:00
CVE-2020-8184
2020-06-19 17:15:00
cve
cve
CVE-2020-7070
2020-10-02 15:15:00
CVE-2020-8184
2020-06-19 17:15:00
cvelist
cvelist
CVE-2020-7070 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent
2020-09-29 00:00:00
CVE-2020-8184
2020-06-19 00:00:00
ubuntucve
ubuntucve
CVE-2020-7070
2020-10-02 00:00:00
CVE-2020-8184
2020-06-19 00:00:00
redhatcve
redhatcve
CVE-2020-7070
2020-10-06 21:20:55
CVE-2020-8184
2020-06-19 16:56:13
nessus
nessus
Ubuntu 20.10 : PHP vulnerabilities (USN-4583-2)
2020-10-27 00:00:00
Amazon Linux AMI : php72 (ALAS-2020-1440)
2020-10-28 00:00:00
EulerOS 2.0 SP8 : php (EulerOS-SA-2020-2316)
2020-11-02 00:00:00
friendsofphp
friendsofphp
amazon
amazon
Medium: php72, php73
2020-10-26 18:16:00
github
github
openvas
openvas
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-2316)
2020-11-02 00:00:00
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2021-1566)
2021-03-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:2920-1)
2021-06-09 00:00:00
veracode
veracode
Insecure Cookie Parsing
2020-06-16 07:11:11
Cookie Injection
2020-10-02 06:07:42
ibm
ibm
Security Bulletin: Aspera on Cloud CVE-2020-8184
2020-09-28 20:47:48
mageia
mageia
Updated ruby-rack packages fix security vulnerability
2020-08-01 02:25:42
Updated php packages fix a security vulnerability
2020-10-16 20:04:43
hackerone
hackerone
rubygems
rubygems
Cookie Prefix Spoofing in CGI::Cookie.parse
2021-11-23 21:00:00
ubuntu
ubuntu
Rack vulnerabilities
2021-04-06 00:00:00
PHP vulnerabilities
2020-10-27 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package php7 version 7.3.23-alt1
2020-10-10 00:00:00
Security fix for the ALT Linux 8 package php7 version 7.2.34-alt1
2020-10-13 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: php-7.3.23-1.fc31
2020-10-07 20:45:40
[SECURITY] Fedora 33 Update: php-7.4.11-1.fc33
2020-10-04 00:16:01
[SECURITY] Fedora 32 Update: php-7.4.11-1.fc32
2020-10-07 20:37:09
gentoo
gentoo
PHP: Multiple vulnerabilities
2020-12-23 00:00:00
rocky
rocky
php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
redhat
redhat
(RHSA-2021:4213) Moderate: php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
(RHSA-2021:2992) Moderate: rh-php73-php security, bug fix, and enhancement update
2021-08-03 08:11:09
(RHSA-2020:4366) Important: Satellite 6.8 release
2020-10-27 12:45:25
oraclelinux
oraclelinux
php:7.4 security, bug fix, and enhancement update
2021-11-16 00:00:00
almalinux
almalinux
Moderate: php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
debian
debian
[SECURITY] [DSA 4856-1] php7.3 security update
2021-02-17 22:08:33
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00