Bug 2133687 (CVE-2022-31629) - CVE-2022-31629 php: standard insecure cookie could be treated as a '__Host-' or '__Secure-' cookie by PHP applications
Summary: CVE-2022-31629 php: standard insecure cookie could be treated as a '__Host-' ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-31629
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2133691 2135291 2135293 2135294 2135295 2135296 2161666 2161667
Blocks: 2130767
TreeView+ depends on / blocked
 
Reported: 2022-10-11 07:52 UTC by TEJ RATHI
Modified: 2023-05-17 01:45 UTC (History)
5 users (show)

Fixed In Version: php 7.4.31, php 8.0.25
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in PHP due to the way PHP handles HTTP variable names. It interferes with HTTP variable names that clash with ones that have a specific semantic meaning. This vulnerability allows network and same-site attackers to set a standard insecure cookie in the victim's browser, which is treated as a `__Host-` or `__Secure-` cookie by PHP applications, posing a threat to data integrity.
Clone Of:
Environment:
Last Closed: 2023-05-17 01:45:07 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:0848 0 None None None 2023-02-21 09:31:10 UTC
Red Hat Product Errata RHSA-2023:0965 0 None None None 2023-02-28 08:20:33 UTC
Red Hat Product Errata RHSA-2023:2417 0 None None None 2023-05-09 07:45:30 UTC
Red Hat Product Errata RHSA-2023:2903 0 None None None 2023-05-16 08:26:25 UTC

Description TEJ RATHI 2022-10-11 07:52:03 UTC 
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

https://bugs.php.net/bug.php?id=81727
Comment 1 TEJ RATHI 2022-10-11 07:55:31 UTC 
Created php tracking bugs for this issue:

Affects: fedora-all [bug 2133691]
Comment 3 TEJ RATHI 2022-10-17 08:52:17 UTC 
Upstream Commit:
https://github.com/php/php-src/commit/0611be4e82887cee0de6c4cbae320d34eec946ca
Comment 4 errata-xmlrpc 2023-02-21 09:31:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0848 https://access.redhat.com/errata/RHSA-2023:0848
Comment 5 errata-xmlrpc 2023-02-28 08:20:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0965 https://access.redhat.com/errata/RHSA-2023:0965
Comment 6 mhoward 2023-04-29 02:46:20 UTC 
Will this be fixed in the PHP 7.4 Full Life Application Stream for RHEL8?
Comment 7 errata-xmlrpc 2023-05-09 07:45:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2417 https://access.redhat.com/errata/RHSA-2023:2417
Comment 8 errata-xmlrpc 2023-05-16 08:26:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2903 https://access.redhat.com/errata/RHSA-2023:2903
Comment 9 Product Security DevOps Team 2023-05-17 01:45:05 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-31629
Note You need to log in before you can comment on or make changes to this bug.