VDB

DEBIAN-CVE-2024-2756

DEBIAN-CVE-2024-2756 PUBLISHED CVSS 6.5 MEDIUM

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
Debian:12php8.28.2.10-1, 8.2.10-2, 8.2.12-1
Debian:11php7.40, 7.4.21-1+deb11u1, 7.4.25-1+deb11u1

Exploit Intelligence

Timeline

  • Apr 29, 2024 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›