SecuritySpace - CVE-2016-10397

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2016-10397

Description: In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).

Test IDs: 1.3.6.1.4.1.25623.1.0.891034

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2016-10397
BugTraq ID: 99552
http://www.securityfocus.com/bid/99552

CVE ID:	CVE-2016-10397
Description:	In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).
Test IDs:	1.3.6.1.4.1.25623.1.0.891034
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10397 BugTraq ID: 99552 http://www.securityfocus.com/bid/99552