Search for vulnerabilities
Vulnerability details: VCID-dk89-5t7v-aaaq
Vulnerability ID VCID-dk89-5t7v-aaaq
Aliases CVE-2024-2756
Summary Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2756.json
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.0044 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.00446 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.03402 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.04423 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.06617 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.06617 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.06617 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.06617 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.06617 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.06617 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.07605 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.07605 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.07605 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.07605 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.08562 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.08562 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.08562 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.08562 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.08562 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.08774 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.09588 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.10495 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.10495 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.10495 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.10495 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.10495 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.10495 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
epss 0.10495 https://api.first.org/data/v1/epss?cve=CVE-2024-2756
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2756.json
https://api.first.org/data/v1/epss?cve=CVE-2024-2756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3096
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4
https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html
https://security.netapp.com/advisory/ntap-20240510-0008/
http://www.openwall.com/lists/oss-security/2024/04/12/11
2275058 https://bugzilla.redhat.com/show_bug.cgi?id=2275058
CVE-2024-2756 https://nvd.nist.gov/vuln/detail/CVE-2024-2756
GLSA-202408-32 https://security.gentoo.org/glsa/202408-32
RHSA-2024:10949 https://access.redhat.com/errata/RHSA-2024:10949
RHSA-2024:10950 https://access.redhat.com/errata/RHSA-2024:10950
RHSA-2024:10951 https://access.redhat.com/errata/RHSA-2024:10951
RHSA-2024:10952 https://access.redhat.com/errata/RHSA-2024:10952
RHSA-2025:7315 https://access.redhat.com/errata/RHSA-2025:7315
USN-6757-1 https://usn.ubuntu.com/6757-1/
USN-6757-2 https://usn.ubuntu.com/6757-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2756.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.16666
EPSS Score 0.00045
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:52:15.451927+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/edge/community.json 34.0.0rc4