ELS for OS
- CVEs
- Releases
- Projects
- Documentation
Live Patches
- CVEs
- Documentation
ELS for Languages
- CVEs
- Releases
- Projects
- Documentation

CVE-2024-2756

Updated: 2024-04-29 21:07:18.64486

Description:

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.

Links	NIST	CIRCL	RHEL	Ubuntu

Severity

	Severity	Score
CVSS Version 2.x	NONE	0
CVSS Version 3.x	MEDIUM	6.5

Status

OS name	Project name	Version	Score	Severity	Status	Last updated
Ubuntu 20.04 PHP	php	7.0	6.5	MEDIUM	In Testing	2024-05-14 11:16:34
Ubuntu 20.04 PHP	php	7.1	6.5	MEDIUM	In Testing	2024-05-14 11:16:34
Ubuntu 20.04 PHP	php	7.4	6.5	MEDIUM	In Testing	2024-05-14 11:16:34
Ubuntu 20.04 PHP	php	7.2	6.5	MEDIUM	In Testing	2024-05-14 11:16:34
Ubuntu 20.04 PHP	php	8.0	6.5	MEDIUM	In Testing	2024-05-14 11:16:34
Ubuntu 20.04 PHP	php	7.3	6.5	MEDIUM	In Testing	2024-05-14 11:16:34
Ubuntu 20.04 PHP	php	8.2	6.5	MEDIUM	Already Fixed	2024-05-14 14:17:22
Ubuntu 20.04 PHP	php	8.1	6.5	MEDIUM	Already Fixed	2024-05-14 14:17:24
Ubuntu 22.04 PHP	php	7.4	6.5	MEDIUM	In Testing	2024-05-14 11:16:33
Ubuntu 22.04 PHP	php	7.3	6.5	MEDIUM	In Testing	2024-05-14 11:16:33

Total: 86