VDB

DEBIAN-CVE-2024-11234

DEBIAN-CVE-2024-11234 PUBLISHED CVSS 7.2 HIGH

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.

Risk Scores

CVSS 3.1
7.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Affected Products

Vendor | Product | Versions
Debian:11 | php7.4 | 0, 7.4.21-1+deb11u1, 7.4.25-1+deb11u1
Debian:12 | php8.2 | 8.2.10-1, 8.2.10-2, 8.2.12-1

Exploit Intelligence

Timeline

  • Nov 24, 2024 CVE Published
  • Apr 28, 2026 CVE Updated