Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Vulnerability Description
ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` and `__Secure-` confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. This issue is fixed in ReactPHP HTTP version 1.7.0. As a workaround, Infrastructure or DevOps can place a reverse proxy in front of the ReactPHP HTTP server to filter out any unexpected `Cookie` request headers.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
ReactPHP HTTP 安全漏洞
Vulnerability Description
ReactPHP HTTP是ReactPHP开源的一个 ReactPHP 的事件驱动、流式 HTTP 客户端和服务器实现。 ReactPHP HTTP 0.7.0至1.7.0之前的版本存在安全漏洞,该漏洞源于当ReactPHP处理传入的HTTP cookie值时,cookie名称是经过url解码的。这可能会导致带有“__Host-”和“__Secure-”前缀的cookie与解码到这种前缀的cookie混淆,从而导致攻击者能够伪造被认为是安全的cookie。
CVSS Information
N/A
Vulnerability Type
N/A