CVE-2016-10397

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-10397
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10397.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-10397
Downstream
Related
Published
2017-07-10T14:29:00.417Z
Modified
2026-03-20T11:06:41.454024Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parseurl function (implemented in the phpurlparseex function in ext/standard/url.c).

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e42bdcb7aa74c7846b984ef25462780ed135103f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
60fffd296abce5fc071f3c173c25a2696cf683c6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4054ec69da7631046f19d54ab06f09728a208b8b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
038c63cdea0472176ec2fdb162cfbd96e8c5f83e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4e1b8701573698f56e12672e4991d7e6239138d2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e09845d32614a19188632f410316478fbb440ebd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
249a8fd9ae2324c84ede7ecfca6f6026e6d87df6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
734a5fca2c4731e34eca551f28be9a10ffc3f3c9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fb59213fc461f079bc218abf44cb5e2b4db2182c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a36407215f69ba2debf77933dcb3faa0c3ba2d04
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9d582eba7448f1495fae62b13d95d2844ce6b28a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
da12ca9c1ed03084e6803f5e81e46f2e0a80460a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e2874f7bf990ed58ba6f7abccefa2c00a0447fc7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
140e2adb5ab8a5ed0624366c0416f07b8aa17254
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.6.27"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.11"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.12"
        }
    ]
}

Affected versions

Other
NEWS
NEWS-cvs2svn
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_NATIVE_TLS_MERGE
POST_PHP7_EREG_MYSQL_REMOVALS
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_NATIVE_TLS_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
PRE_PHPNG_MERGE
php-5.*
php-5.3.23RC1
php-5.3.29
php-5.3.29RC1
php-5.4.30RC1
php-5.4.32RC1
php-5.4.4RC2
php-5.5.24RC1
php-5.6.18RC1
php-5.6.19RC1
php-5.6.22RC1
php-5.6.23RC1
php-5.6.24RC1
php-5.6.27
php-5.6.27RC1
php-7.*
php-7.0.0
php-7.0.0RC1
php-7.0.0RC2
php-7.0.0RC3
php-7.0.0RC4
php-7.0.0RC5
php-7.0.0RC6
php-7.0.0RC7
php-7.0.0RC8
php-7.0.0alpha1
php-7.0.0alpha2
php-7.0.0beta1
php-7.0.0beta2
php-7.0.0beta3
php-7.0.1
php-7.0.10
php-7.0.10RC1
php-7.0.11
php-7.0.11RC1
php-7.0.12
php-7.0.12RC1
php-7.0.1RC1
php-7.0.2
php-7.0.2RC1
php-7.0.3
php-7.0.3RC1
php-7.0.4
php-7.0.4RC1
php-7.0.5
php-7.0.5RC1
php-7.0.6
php-7.0.6RC1
php-7.0.7
php-7.0.7RC1
php-7.0.8
php-7.0.8RC1
php-7.0.9
php-7.0.9RC1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10397.json"