CVE-2022-36032— ReactPHP HTTP 安全漏洞

ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` and `__Secure-` confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. This issue is fixed in ReactPHP HTTP version 1.7.0. As a workaround, Infrastructure or DevOps can place a reverse proxy in front of the ReactPHP HTTP server to filter out any unexpected `Cookie` request headers.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

输入验证不恰当

ReactPHP HTTP 安全漏洞

ReactPHP HTTP是ReactPHP开源的一个 ReactPHP 的事件驱动、流式 HTTP 客户端和服务器实现。 ReactPHP HTTP 0.7.0至1.7.0之前的版本存在安全漏洞，该漏洞源于当ReactPHP处理传入的HTTP cookie值时，cookie名称是经过url解码的。这可能会导致带有“__Host-”和“__Secure-”前缀的cookie与解码到这种前缀的cookie混淆，从而导致攻击者能够伪造被认为是安全的cookie。

N/A

N/A