PHP CVE-2024-11234 (Critical)

2024-11-26

This vulnerability exists in PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14. It allows an attacker to perform HTTP request smuggling through a flaw in how URIs are sanitized when using streams with a configured proxy and the “request_fulluri” option. This could grant unauthorized access to sensitive resources on the server.

Vulnerability Details:

Platform: PHP
Version: 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14
Vulnerability: HTTP Request Smuggling (CVE-2024-11234)
Severity: Critical
Date: November 23, 2024 (NVD Last Modified)

What Undercode Says:

This is a critical vulnerability that PHP users should address immediately. Update to PHP versions 8.1.31, 8.2.26, or 8.3.14 or later to mitigate the risk.
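
An added example, not code from the PHP project or from this advisory: it checks a version string against the fixed releases listed above and shows the proxy and "request_fulluri" stream options with a URL check in front of them. The function names, the URL check and the proxy address are assumptions of the example.

```php
<?php
declare(strict_types=1);

// Fixed release per branch, as listed in the advisory.
const FIXED_RELEASES = ['8.1' => '8.1.31', '8.2' => '8.2.26', '8.3' => '8.3.14'];

/** True when $version is in an affected range; unlisted branches report false. */
function is_affected_by_cve_2024_11234(string $version): bool
{
    if (!preg_match('/^(\d+\.\d+)\.\d+/', $version, $m)) {
        throw new InvalidArgumentException("Unrecognised PHP version: $version");
    }
    $fixed = FIXED_RELEASES[$m[1]] ?? null;
    return $fixed !== null && version_compare($version, $fixed, '<');
}

/**
 * Defence in depth (assumption of this example, not an advisory step): refuse
 * URLs holding control characters or whitespace, and non-HTTP schemes, before
 * they reach a proxied stream.
 */
function assert_clean_url(string $url): void
{
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        throw new InvalidArgumentException('URL contains control characters or whitespace');
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException('Only http and https URLs are accepted');
    }
}

/** Fetch $url through $proxy with the stream options the advisory names. */
function proxied_get(string $url, string $proxy): string|false
{
    assert_clean_url($url);
    $context = stream_context_create(['http' => [
        'proxy'           => $proxy, // placeholder form: tcp://proxy.example.internal:3128
        'request_fulluri' => true,
    ]]);
    return file_get_contents($url, false, $context);
}

// Constructed sample versions, plus the running interpreter.
foreach (['8.1.30', '8.2.26', '8.3.13', '8.3.14', PHP_VERSION] as $v) {
    printf("%-16s %s\n", $v, is_affected_by_cve_2024_11234($v) ? 'AFFECTED' : 'not affected');
}
```

Distribution packages sometimes backport fixes without changing the upstream version number, so confirm a flagged result against the vendor's changelog.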

Additional Notes:

The NVD entry for this vulnerability can be found here: [link to NVD entry]
More information on HTTP Request Smuggling can be found here: [link to relevant resource]

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
