Http
CVE-2022-36032
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host- and __Secure- confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. This issue is fixed in ReactPHP HTTP version 1.7.0. As a workaround, Infrastructure or DevOps can place a reverse proxy in front of the ReactPHP HTTP server to filter out any unexpected Cookie request headers.
AnalysisAI
ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-20. ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host- and __Secure- confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. This issue is fixed in ReactPHP HTTP version 1.7.0. As a workaround, Infrastructure or DevOps can place a reverse proxy in front of the ReactPHP HTTP server to filter out any unexpected Cookie request headers. Affected products include: Reactphp Http. Version information: prior to 1.7.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in the http crate before 0.1.20 for Rust. Rated high severity (CVSS 7.5), this vulnerability is
An issue was discovered in the http package through 0.12.2 for Dart. Rated medium severity (CVSS 6.1), this vulnerabilit
HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids.
Credential leakage in the Perl HTTP::Tiny client (all versions before 0.095) lets an attacker who controls a redirect de
HTTP::Tiny versions before 0.093 for Perl fail to validate carriage return and line feed (CRLF) characters in HTTP reque
HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code i
react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Rated medium severity (CVSS
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today