ELS for OS
- CVEs
- Releases
- Projects
- Documentation
Live Patches
- CVEs
- Documentation
ELS for Languages
- CVEs
- Releases
- Projects
- Documentation

CVE-2024-2756

Updated: 2024-04-29 21:07:18.64486

Description:

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.

Links	NIST	CIRCL	RHEL	Ubuntu

Severity

	Severity	Score
CVSS Version 2.x	NONE	0
CVSS Version 3.x	MEDIUM	6.5

Status

OS name	Project name	Version	Score	Severity	Status	Last updated
EL 6 PHP	php	5.2	6.5	MEDIUM	In Progress	2024-04-16 09:53:31
EL 6 PHP	php	7.4	6.5	MEDIUM	In Progress	2024-04-16 09:53:28
EL 6 PHP	php	5.6	6.5	MEDIUM	In Progress	2024-04-16 09:53:24
EL 6 PHP	php	7.0	6.5	MEDIUM	In Progress	2024-04-16 09:53:24
EL 6 PHP	php	7.1	6.5	MEDIUM	In Progress	2024-04-16 09:53:24
EL 6 PHP	php	8.1	6.5	MEDIUM	In Progress	2024-04-16 09:53:24
EL 6 PHP	php	5.1	6.5	MEDIUM	In Progress	2024-04-16 09:53:31
EL 6 PHP	php	5.3	6.5	MEDIUM	In Progress	2024-04-16 09:53:31
EL 6 PHP	php	5.4	6.5	MEDIUM	In Progress	2024-04-16 09:53:31
EL 6 PHP	php	7.2	6.5	MEDIUM	In Progress	2024-04-16 09:53:31

Total: 86