CVE-2017-7189 - Vulnerability Details - OpenCVE

main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php	Php

Configuration 1 [-]

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugs.php.net/bug.php?id=74192
https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a
https://nvd.nist.gov/vuln/detail/CVE-2017-7189
https://www.cve.org/CVERecord?id=CVE-2017-7189

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-10T14:41:35

Updated: 2024-08-05T15:56:36.063Z

Reserved: 2017-03-20T00:00:00

Link: CVE-2017-7189

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-10T15:15:11.163

Modified: 2024-11-21T03:31:20.803

Link: CVE-2017-7189

Redhat

Severity : Moderate

Publid Date: 2019-07-31T00:00:00Z

Links: CVE-2017-7189 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-10T14:41:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.php.net/bug.php?id=74192"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7189", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a", "refsource": "MISC", "url": "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a"}, {"name": "https://bugs.php.net/bug.php?id=74192", "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=74192"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:56:36.063Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=74192"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7189", "datePublished": "2019-07-10T14:41:35", "dateReserved": "2017-03-20T00:00:00", "dateUpdated": "2024-08-05T15:56:36.063Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D46367B-C8BB-4700-A6B8-79A5DAF5EF33", "versionEndExcluding": "7.0.16", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input."}, {"lang": "es", "value": "El archivo main/streams/xp_socket.c en PHP versiones 7.x antes del 07-03-2017 analiza inapropiadamente las llamadas fsockopen, como por ejemplo interpretando fsockopen('127.0.0.1:80', 443) como si la direcci\u00f3n y el puerto fuera 127.0.0.1:80:443, que luego se trunca a 127.0.0.1:80. Este comportamiento presenta un riesgo de seguridad si el n\u00famero de puerto proporcionado expl\u00edcitamente (es decir, 443 en este ejemplo) est\u00e1 codificado en una aplicaci\u00f3n como una pol\u00edtica de seguridad, pero el argumento hostname (es decir, 127.0.0.1:80 en este ejemplo) es obtenido de una entrada no segura."}], "id": "CVE-2017-7189", "lastModified": "2024-11-21T03:31:20.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-10T15:15:11.163", "references": [{"source": "cve@mitre.org", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=74192"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=74192"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "php: misparsing fsockopen calls in main/streams/xp_socket.c leads to information disclosure", "id": "1734756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1734756"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", "status": "draft"}, "cwe": "CWE-20", "details": ["main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input."], "name": "CVE-2017-7189", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "php", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "php:7.2/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-php70-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-php71-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-php72-php", "product_name": "Red Hat Software Collections"}], "public_date": "2019-07-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-7189\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7189"], "statement": "This issue affects the php version as shipped with Red Hat Enterprise Linux 5, 6, 7, 8 and it was rated as having a security impact of 'Moderate'. It also affects the versions rh-php71-php, rh-php70-php, rh-php72-php distributed with Red Hat Software Collection 3.", "threat_severity": "Moderate"}