CVE-2017-7272 - Server-Side Request Forgery (SSRF)

Severity

57%

Complexity

86%

Confidentiality

81%

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.

CVSS 3.0 Base Score 7.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N).

Overview

First reported 7 years ago

2017-03-27 17:59:00

Last updated 6 years ago

2018-02-26 02:29:00

Affected Software

PHP PHP

References

97178

Third Party Advisory, VDB Entry

1038158

https://bugs.php.net/bug.php?id=74216

Issue Tracking, Vendor Advisory

https://bugs.php.net/bug.php?id=75505

https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a

Issue Tracking, Patch, Third Party Advisory

https://security.netapp.com/advisory/ntap-20180112-0001/

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170403-0_PHP_Misbehavior_of_fsockopen_function_v10.txt

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.