CVE-2020-7071 — MEDIUM (5.3)

Q: How severe is CVE-2020-7071?

CVE-2020-7071 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-7071?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Debian Debian Linux, Netapp Clustered Data Ontap.

Vulnerability Description

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Php	Php	>= 7.3.0, < 7.3.26
Debian	Debian Linux	9.0
Netapp	Clustered Data Ontap	-

Related Weaknesses (CWE)

CWE-20

References

https://bugs.php.net/bug.php?id=77423ExploitIssue TrackingVendor Advisory
https://lists.debian.org/debian-lts-announce/2021/07/msg00008.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/202105-23Third Party Advisory
https://security.netapp.com/advisory/ntap-20210312-0005/Vendor Advisory
https://www.debian.org/security/2021/dsa-4856Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlPatchThird Party Advisory
https://www.tenable.com/security/tns-2021-14Third Party Advisory
https://bugs.php.net/bug.php?id=77423ExploitIssue TrackingVendor Advisory
https://lists.debian.org/debian-lts-announce/2021/07/msg00008.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/202105-23Third Party Advisory
https://security.netapp.com/advisory/ntap-20210312-0005/Vendor Advisory
https://www.debian.org/security/2021/dsa-4856Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlPatchThird Party Advisory
https://www.tenable.com/security/tns-2021-14Third Party Advisory

FAQ

What is CVE-2020-7071?

CVE-2020-7071 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid U...

How severe is CVE-2020-7071?

CVE-2020-7071 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7071?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Debian Debian Linux, Netapp Clustered Data Ontap.