CVE-2020-7066
published 2020-04-01


Priority: P4 (23)
CVSS 3.1: 4.3 (medium), vector AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS: 2.77% (84.5th percentile)
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, when get_headers() is called with a user-supplied URL that contains a zero (\0) character, the URL is silently truncated at that character. Software may therefore make incorrect assumptions about the target of the get_headers() call and possibly send information to the wrong server.

Affected

14 ranges

Vendor     | Product       | Version range                              | Fixed in
-----------|---------------|--------------------------------------------|-------------------------------
debian     | debian_linux  |                                            |
debian     | debian_linux  |                                            |
debian     | debian_linux  |                                            |
debian     | php7.4        | < php7.4 7.4.5-1 (bullseye)                | php7.4 7.4.5-1 (bullseye)
opensuse   | leap          |                                            |
php        | php           | >= 7.2.0, < 7.2.29                         | 7.2.29
php        | php           | >= 7.3.0, < 7.3.16                         | 7.3.16
php        | php           | >= 7.4.0, < 7.4.4                          | 7.4.4
php5       | php5          | >= 0, < 5.5.9+dfsg-1ubuntu4.29+esm11       | 5.5.9+dfsg-1ubuntu4.29+esm11
php_group  | php           |                                            |
php_group  | php           |                                            |
php_group  | php           |                                            |
tenable    | tenable.sc    | < 5.19.0                                   | 5.19.0
tenable    | tenable.sc    |                                            |

CVSS provenance

nvd (v3.1): 4.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd (v2.0): 4.3 MEDIUM, AV:N/AC:M/Au:N/C:P/I:N/A:N
osv: 7.5 HIGH
vendor_ubuntu: 7.5 HIGH
vendor_debian: 5.3 MEDIUM
vendor_redhat: 5.3 MEDIUM