CVE-2017-7272 - OpenCVE

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Php	Php

Configuration 1 [-]

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/97178	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038158
https://bugs.php.net/bug.php?id=74216	Issue Tracking Vendor Advisory
https://bugs.php.net/bug.php?id=75505
https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a	Issue Tracking Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20180112-0001/
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170403-0_PHP_Misbehavior_of_fsockopen_function_v10.txt

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-03-27T17:00:00

Updated: 2018-02-25T20:57:01

Reserved: 2017-03-27T00:00:00

Link: CVE-2017-7272

JSON object: View

NVD Information

Status : Modified

Published: 2017-03-27T17:59:00.977

Modified: 2018-02-26T02:29:00.423

Link: CVE-2017-7272

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-25T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "97178", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97178"}, {"name": "1038158", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038158"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=75505"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20180112-0001/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170403-0_PHP_Misbehavior_of_fsockopen_function_v10.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=74216"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7272", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "97178", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97178"}, {"name": "1038158", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038158"}, {"name": "https://bugs.php.net/bug.php?id=75505", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=75505"}, {"name": "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a", "refsource": "CONFIRM", "url": "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a"}, {"name": "https://security.netapp.com/advisory/ntap-20180112-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180112-0001/"}, {"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170403-0_PHP_Misbehavior_of_fsockopen_function_v10.txt", "refsource": "MISC", "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170403-0_PHP_Misbehavior_of_fsockopen_function_v10.txt"}, {"name": "https://bugs.php.net/bug.php?id=74216", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=74216"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7272", "datePublished": "2017-03-27T17:00:00", "dateReserved": "2017-03-27T00:00:00", "dateUpdated": "2018-02-25T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "731A329A-C7A3-4FCB-8BB8-796D2CA18B50", "versionEndIncluding": "7.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function."}, {"lang": "es", "value": "PHP hasta la versi\u00f3n 7.1.11 podr\u00eda permitir SSRF en aplicaciones que aceptan un argumento de nombre de host fsockopen o pfsockopen con la expectativa de que el n\u00famero de puerto est\u00e9 limitado. Debido a que se reconoce una sintaxis :port, fsockopen emplear\u00e1 el n\u00famero de puerto especificado en el argumento del nombre de host en lugar del n\u00famero de puerto en el segundo argumento de la funci\u00f3n."}], "id": "CVE-2017-7272", "lastModified": "2018-02-26T02:29:00.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-27T17:59:00.977", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97178"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1038158"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=74216"}, {"source": "cve@mitre.org", "url": "https://bugs.php.net/bug.php?id=75505"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20180112-0001/"}, {"source": "cve@mitre.org", "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170403-0_PHP_Misbehavior_of_fsockopen_function_v10.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}