CVE-2024-11234
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Nov 24, 2024
Updated: Nov 26, 2024
CWE ID 20
CWE ID 74
Summary
CVE-2024-11234 is a vulnerability affecting PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14. The issue lies in the way streams with configured proxies and the "request_fulluri" option are handled. The URI is not adequately sanitized, making it susceptible to HTTP request smuggling. Attackers can exploit this vulnerability to perform arbitrary HTTP requests originating from the server, potentially gaining unauthorized access to resources not accessible to external users.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- PHP: Hypertext Preprocessor
Affected Vendors
- Php