Showing 1 - 6 of 6

CVE-2021-21707

Status Candidate

Overview

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Related Files

Red Hat Security Advisory 2022-7628-01: Posted Nov 8, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-7628-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include traversal and use-after-free vulnerabilities.; tags | advisory, web, php, vulnerability; systems | linux, redhat; advisories | CVE-2021-21707, CVE-2021-21708, CVE-2021-32610; SHA-256 | c5085c33c69a944a83481bcd51491bb584588fdd62e2fb35c3424bbef37bc4ef; Download | Favorite | View

Red Hat Security Advisory 2022-5491-01: Posted Jul 4, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-5491-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and privilege escalation vulnerabilities.; tags | advisory, web, overflow, php, vulnerability; systems | linux, redhat; advisories | CVE-2021-21703, CVE-2021-21707, CVE-2022-31625, CVE-2022-31626; SHA-256 | 36e1c6ff0f104cd3b9632850a092a8a5455e29cb191ef477cb08e06cd0f97920; Download | Favorite | View

Ubuntu Security Notice USN-5300-3: Posted Mar 7, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5300-3 - USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 21.10. It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information.; tags | advisory, denial of service, php, vulnerability; systems | linux, ubuntu; advisories | CVE-2017-8923, CVE-2017-9119, CVE-2021-21707; SHA-256 | 79f9d135d4d4a7c56dc43a848d48ffdb653c44069b4fe34f8a66deeb9811750f; Download | Favorite | View

Ubuntu Security Notice USN-5300-2: Posted Mar 3, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5300-2 - USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information.; tags | advisory, denial of service, php, vulnerability; systems | linux, ubuntu; advisories | CVE-2017-8923, CVE-2017-9119, CVE-2021-21707; SHA-256 | 8d289bff69aa5a1c07a2ec7e6f761299daae4511e4dcce44a32c652a3e06a38e; Download | Favorite | View

Debian Security Advisory 5082-1: Posted Feb 28, 2022; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5082-1 - Two security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure or denial of service.; tags | advisory, denial of service, php, info disclosure; systems | linux, debian; advisories | CVE-2021-21707, CVE-2021-21708; SHA-256 | 0d3f1a5fe1e49457b4ad5606bb3a59b6b219551a7056119efecb97680d9f7506; Download | Favorite | View

Ubuntu Security Notice USN-5300-1: Posted Feb 23, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5300-1 - It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information.; tags | advisory, denial of service, php; systems | linux, ubuntu; advisories | CVE-2015-9253, CVE-2017-9119, CVE-2017-9120, CVE-2021-21707; SHA-256 | a3c43189a77d959782469e503170048c773cfe62638b7e5096d7604ac94e195c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

CVE-2021-21707

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems