Vulnerability Name:

CVE-2020-7071 (CCN-197074)

Assigned:2020-01-15
Published:2021-01-03
Updated:2022-08-29
Summary:In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.
CVSS v3 Severity:5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): None
Vulnerability Type:CWE-20
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2020-7071

Source: CCN
Type: PHP Sec Bug #77423
FILTER_VALIDATE_URL accepts URLs with invalid userinfo

Source: CONFIRM
Type: Exploit, Issue Tracking, Vendor Advisory
N/A

Source: XF
Type: UNKNOWN
php-cve20207071-sec-bypass(197074)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210715 [SECURITY] [DLA 2708-1] php7.0 security update

Source: GENTOO
Type: Third Party Advisory
GLSA-202105-23

Source: CONFIRM
Type: Vendor Advisory
https://security.netapp.com/advisory/ntap-20210312-0005/

Source: DEBIAN
Type: Third Party Advisory
DSA-4856

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Source: CCN
Type: PHP Web site
PHP

Source: CONFIRM
Type: Third Party Advisory
https://www.tenable.com/security/tns-2021-14

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 7.3.0 and < 7.3.26)
  • OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 7.4.0 and < 7.4.14)
  • OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 8.0.0 and < 8.0.1)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:php:php:7.3.25:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:7.4.13:-:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8155
    P
    		Security update for netty, netty-tcnative (Important)
    2023-06-21
    oval:org.opensuse.security:def:8075
    P
    		apache2-mod_php7-7.4.33-150400.4.22.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:639
    P
    		Security update for grafana (Important) (in QA)
    2022-10-06
    oval:org.opensuse.security:def:3434
    P
    		apache2-mod_perl-2.0.8-11.43 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95183
    P
    		enigmail-2.2.4-3.27.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95064
    P
    		apache2-mod_php7-7.4.25-150400.2.8 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95200
    P
    		libavcodec-devel-3.4.2-11.17.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:101896
    P
    		Security update for the Linux Kernel (Important)
    2022-03-08
    oval:com.redhat.rhsa:def:20214213
    P
    		RHSA-2021:4213: php:7.4 security, bug fix, and enhancement update (Moderate)
    2021-11-09
    oval:org.opensuse.security:def:96804
    P
    		yast2-multipath-4.1.1-6.56 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:101913
    P
    		Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3) (Important)
    2021-08-17
    oval:org.opensuse.security:def:2325
    P
    		apache2-mod_php7-7.4.6-3.17.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2418
    P
    		php7-embed-7.4.6-3.17.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:101415
    P
    		apache2-mod_php7-7.4.6-3.17.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63414
    P
    		apache2-mod_php7-7.4.6-3.17.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63507
    P
    		php7-embed-7.4.6-3.17.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:43799
    P
    		Security update for php5 (Important)
    2021-02-18
    oval:org.opensuse.security:def:39369
    P
    		Security update for php5 (Important)
    2021-02-18
    oval:org.opensuse.security:def:110974
    P
    		Security update for php7 (Moderate)
    2021-01-18
    oval:org.opensuse.security:def:45187
    P
    		Security update for php53 (Moderate)
    2021-01-18
    oval:org.opensuse.security:def:40757
    P
    		Security update for php53 (Moderate)
    2021-01-18
    oval:org.opensuse.security:def:110645
    P
    		Security update for php7 (Moderate)
    2021-01-17
    oval:org.opensuse.security:def:26031
    P
    		Security update for php74 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:5018
    P
    		Security update for php74 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:109218
    P
    		Security update for php7 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:102552
    P
    		Security update for php7 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:69244
    P
    		Security update for php7 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:49439
    P
    		Security update for php72 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:5652
    P
    		Security update for php7 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:20968
    P
    		Security update for php72 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:96120
    P
    		Security update for php7 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:75809
    P
    		Security update for php7 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:118303
    P
    		Security update for php7 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:109476
    P
    		Security update for php7 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:102810
    P
    		Security update for php7 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:96855
    P
    		Security update for php7 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:49440
    P
    		Security update for php74 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:7414
    P
    		Security update for php7 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:20969
    P
    		Security update for php74 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:66741
    P
    		Security update for php7 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:118572
    P
    		Security update for php7 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:26030
    P
    		Security update for php72 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:5017
    P
    		Security update for php72 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:108579
    P
    		Security update for php7 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:68503
    P
    		Security update for php7 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:95839
    P
    		Security update for php7 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:75792
    P
    		Security update for php7 (Moderate)
    2021-01-13
    oval:org.opensuse.security:def:66724
    P
    		Security update for php7 (Moderate)
    2021-01-13
    oval:org.opensuse.security:def:108562
    P
    		Security update for php7 (Moderate)
    2021-01-13
    oval:org.opensuse.security:def:5635
    P
    		Security update for php7 (Moderate)
    2021-01-13
    BACK
    php php *
    php php *
    php php *
    debian debian linux 9.0
    debian debian linux 10.0
    netapp clustered data ontap -
    php php 7.3.25 -
    php php 7.4.13 -