Vulnerability CVE-2021-21705

Vulnerability Name:

CVE-2021-21705 (CCN-205110)

Assigned:

2021-06-10

Published:

2021-06-10

Updated:

2022-10-29

Summary:

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-20
CWE-918

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-21705

Source: CCN
Type: PHP Sec Bug #81122
SSRF bypass in FILTER_VALIDATE_URL

Source: CONFIRM
Type: Exploit, Issue Tracking, Patch, Vendor Advisory
N/A

Source: CCN
Type: Red Hat Bugzilla Bug 1978755
(CVE-2021-21705) - CVE-2021-21705 php: SSRF bypass in FILTER_VALIDATE_URL

Source: XF
Type: UNKNOWN
php-cve202121705-ssrf(205110)

Source: CCN
Type: php-src GIT Repository
Fix #81122: SSRF bypass in FILTER_VALIDATE_URL

Source: GENTOO
Type: Third Party Advisory
GLSA-202209-20

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20211029-0006/

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Patch, Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 8.0.0 and < 8.0.8)

OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 7.4.0 and < 7.4.21)

OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 7.3.0 and < 7.3.29)

Configuration 2:

cpe:/a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:8.0.7:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8183	P	Security update for amazon-ssm-agent (Important)	2023-06-16
oval:org.opensuse.security:def:7477	P	cyrus-sasl-2.1.28-150500.1.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:8075	P	apache2-mod_php7-7.4.33-150400.4.22.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7433	P	apache-commons-io-2.11.0-150200.3.9.4 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:8161	P	Security update for openvswitch (Important)	2023-05-25
oval:org.opensuse.security:def:6114	P	Security update for MozillaFirefox (Important) (in QA)	2022-08-26
oval:org.opensuse.security:def:6124	P	Security update for java-11-openjdk (Important)	2022-08-01
oval:org.opensuse.security:def:95336	P	Security update for webkit2gtk3 (Important)	2022-07-22
oval:org.opensuse.security:def:3434	P	apache2-mod_perl-2.0.8-11.43 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95064	P	apache2-mod_php7-7.4.25-150400.2.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95345	P	Security update for php7 (Low)	2022-05-19
oval:com.redhat.rhsa:def:20221935	P	RHSA-2022:1935: php:7.4 security update (Moderate)	2022-05-10
oval:org.opensuse.security:def:39370	P	Security update for php5 (Moderate)	2021-08-23
oval:org.opensuse.security:def:43800	P	Security update for php5 (Moderate)	2021-08-23
oval:org.opensuse.security:def:102058	P	Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate)	2021-08-23
oval:org.opensuse.security:def:40759	P	Security update for php53 (Moderate)	2021-08-20
oval:org.opensuse.security:def:45189	P	Security update for php53 (Moderate)	2021-08-20
oval:org.opensuse.security:def:111004	P	Security update for php7 (Important)	2021-08-10
oval:org.opensuse.security:def:118322	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:5797	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:102266	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:95858	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:67213	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:102571	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:108724	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:69272	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:75954	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:118578	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:96126	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:68522	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:26101	P	Security update for php74 (Important)	2021-08-06
oval:org.opensuse.security:def:102816	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:109237	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:66886	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:1476	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:111656	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:68566	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:5088	P	Security update for php74 (Important)	2021-08-06
oval:org.opensuse.security:def:102056	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:109482	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:76281	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:20975	P	Security update for php74 (Important)	2021-08-06
oval:org.opensuse.security:def:69250	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:49446	P	Security update for php74 (Important)	2021-08-06
oval:org.opensuse.security:def:75945	P	Security update for php7 (Moderate)	2021-07-30
oval:org.opensuse.security:def:66877	P	Security update for php7 (Moderate)	2021-07-30
oval:org.opensuse.security:def:111645	P	Security update for php7 (Moderate)	2021-07-30
oval:org.opensuse.security:def:76271	P	Security update for php7 (Moderate)	2021-07-30
oval:org.opensuse.security:def:102049	P	Security update for php7 (Moderate)	2021-07-30
oval:org.opensuse.security:def:5788	P	Security update for php7 (Moderate)	2021-07-30
oval:org.opensuse.security:def:67203	P	Security update for php7 (Moderate)	2021-07-30
oval:org.opensuse.security:def:108715	P	Security update for php7 (Moderate)	2021-07-30
oval:org.opensuse.security:def:26096	P	Security update for php72 (Moderate)	2021-07-29
oval:org.opensuse.security:def:5083	P	Security update for php72 (Moderate)	2021-07-29
oval:org.opensuse.security:def:20974	P	Security update for php72 (Moderate)	2021-07-29
oval:org.opensuse.security:def:49445	P	Security update for php72 (Moderate)	2021-07-29

BACK