QwikSec

Security Database

CVE

CWE

Training

CVE-2017-7272

Published: Mar 27, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_SECTRACK

https://bugs.php.net/bug.php?id=75505

x_refsource_CONFIRM

https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20180112-0001/

x_refsource_CONFIRM

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170403-0_PHP_Misbehavior_of_fsockopen_function_v10.txt

x_refsource_MISC

https://bugs.php.net/bug.php?id=74216

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.