NVD

Id
83860  
Name
CVE-2017-7272  
Description
PHP through 7.1.3 enables potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.  
Reject
 
CVSS Version
2  
CVSS Score
5.8  
Severity
Medium  
CVSS Base Score
5.8  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:N)  
Pub Date
2017-07-18  
Published
2017-03-27  
Modified Date
2017-07-11  
Seq
2017-7272  

Actions

Related NVD References

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
66408 JVNDB-2017-002746 PHP におけるサーバサイドのリクエストフォージェリの脆弱性 PHP には、サーバサイドのリクエストフォージェリの脆弱性が存在します。 CVE-2017-7272 0 CVE-2017-7272 83860 5.8 7.4 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-002746.html 2017-03-08 2017-04-27 View