Vulnerability Name:

CVE-2021-21705 (CCN-205110)

Assigned:2021-06-10
Published:2021-06-10
Updated:2022-10-29
Summary:In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.
CVSS v3 Severity:5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-20
CWE-918
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2021-21705

Source: CCN
Type: PHP Sec Bug #81122
SSRF bypass in FILTER_VALIDATE_URL

Source: CONFIRM
Type: Exploit, Issue Tracking, Patch, Vendor Advisory
N/A

Source: CCN
Type: Red Hat Bugzilla – Bug 1978755
(CVE-2021-21705) - CVE-2021-21705 php: SSRF bypass in FILTER_VALIDATE_URL

Source: XF
Type: UNKNOWN
php-cve202121705-ssrf(205110)

Source: CCN
Type: php-src GIT Repository
Fix #81122: SSRF bypass in FILTER_VALIDATE_URL

Source: GENTOO
Type: Third Party Advisory
GLSA-202209-20

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20211029-0006/

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Patch, Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 8.0.0 and < 8.0.8)
  • OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 7.4.0 and < 7.4.21)
  • OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 7.3.0 and < 7.3.29)

    • Configuration 2:
  • cpe:/a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:php:php:8.0.7:-:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8183
    P
    		Security update for amazon-ssm-agent (Important)
    2023-06-16
    oval:org.opensuse.security:def:7477
    P
    		cyrus-sasl-2.1.28-150500.1.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:8075
    P
    		apache2-mod_php7-7.4.33-150400.4.22.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7433
    P
    		apache-commons-io-2.11.0-150200.3.9.4 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:8161
    P
    		Security update for openvswitch (Important)
    2023-05-25
    oval:org.opensuse.security:def:6114
    P
    		Security update for MozillaFirefox (Important) (in QA)
    2022-08-26
    oval:org.opensuse.security:def:6124
    P
    		Security update for java-11-openjdk (Important)
    2022-08-01
    oval:org.opensuse.security:def:95336
    P
    		Security update for webkit2gtk3 (Important)
    2022-07-22
    oval:org.opensuse.security:def:3434
    P
    		apache2-mod_perl-2.0.8-11.43 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95064
    P
    		apache2-mod_php7-7.4.25-150400.2.8 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95345
    P
    		Security update for php7 (Low)
    2022-05-19
    oval:com.redhat.rhsa:def:20221935
    P
    		RHSA-2022:1935: php:7.4 security update (Moderate)
    2022-05-10
    oval:org.opensuse.security:def:39370
    P
    		Security update for php5 (Moderate)
    2021-08-23
    oval:org.opensuse.security:def:43800
    P
    		Security update for php5 (Moderate)
    2021-08-23
    oval:org.opensuse.security:def:102058
    P
    		Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate)
    2021-08-23
    oval:org.opensuse.security:def:40759
    P
    		Security update for php53 (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:45189
    P
    		Security update for php53 (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:111004
    P
    		Security update for php7 (Important)
    2021-08-10
    oval:org.opensuse.security:def:118322
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:5797
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:102266
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:95858
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:67213
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:102571
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:108724
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:69272
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:75954
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:118578
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:96126
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:68522
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:26101
    P
    		Security update for php74 (Important)
    2021-08-06
    oval:org.opensuse.security:def:102816
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:109237
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:66886
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:1476
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:111656
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:68566
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:5088
    P
    		Security update for php74 (Important)
    2021-08-06
    oval:org.opensuse.security:def:102056
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:109482
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:76281
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:20975
    P
    		Security update for php74 (Important)
    2021-08-06
    oval:org.opensuse.security:def:69250
    P
    		Security update for php7 (Important)
    2021-08-06
    oval:org.opensuse.security:def:49446
    P
    		Security update for php74 (Important)
    2021-08-06
    oval:org.opensuse.security:def:75945
    P
    		Security update for php7 (Moderate)
    2021-07-30
    oval:org.opensuse.security:def:66877
    P
    		Security update for php7 (Moderate)
    2021-07-30
    oval:org.opensuse.security:def:111645
    P
    		Security update for php7 (Moderate)
    2021-07-30
    oval:org.opensuse.security:def:76271
    P
    		Security update for php7 (Moderate)
    2021-07-30
    oval:org.opensuse.security:def:102049
    P
    		Security update for php7 (Moderate)
    2021-07-30
    oval:org.opensuse.security:def:5788
    P
    		Security update for php7 (Moderate)
    2021-07-30
    oval:org.opensuse.security:def:67203
    P
    		Security update for php7 (Moderate)
    2021-07-30
    oval:org.opensuse.security:def:108715
    P
    		Security update for php7 (Moderate)
    2021-07-30
    oval:org.opensuse.security:def:26096
    P
    		Security update for php72 (Moderate)
    2021-07-29
    oval:org.opensuse.security:def:5083
    P
    		Security update for php72 (Moderate)
    2021-07-29
    oval:org.opensuse.security:def:20974
    P
    		Security update for php72 (Moderate)
    2021-07-29
    oval:org.opensuse.security:def:49445
    P
    		Security update for php72 (Moderate)
    2021-07-29
    BACK
    php php *
    php php *
    php php *
    netapp clustered data ontap -
    oracle sd-wan aware 8.2
    php php 8.0.7 -