{"api_version":"1","generated_at":"2026-04-23T02:36:14+00:00","cve":"CVE-2020-7066","urls":{"html":"https://cve.report/CVE-2020-7066","api":"https://cve.report/api/cve/CVE-2020-7066.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-7066","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-7066"},"summary":{"title":"CVE-2020-7066","description":"In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.","state":"PUBLIC","assigner":"security@php.net","published_at":"2020-04-01 04:15:00","updated_at":"2022-05-08 23:51:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://www.debian.org/security/2020/dsa-4719","name":"DSA-4719","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4719-1 php7.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20200403-0001/","name":"https://security.netapp.com/advisory/ntap-20200403-0001/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"March 2020 PHP Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html","name":"openSUSE-SU-2020:0642","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:0642-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html","name":"[debian-lts-announce] 20200426 [SECURITY] [DLA 2188-1] php5 security update","refsource":"MLIST","tags":["Third Party Advisory"],"title":"[SECURITY] [DLA 2188-1] php5 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.tenable.com/security/tns-2021-14","name":"https://www.tenable.com/security/tns-2021-14","refsource":"CONFIRM","tags":[],"title":"[R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable®","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugs.php.net/bug.php?id=79329","name":"https://bugs.php.net/bug.php?id=79329","refsource":"MISC","tags":["Exploit","Issue Tracking","Patch","Vendor Advisory"],"title":"PHP :: Sec Bug #79329 :: get_headers() silently truncates after a null byte","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4330-2/","name":"USN-4330-2","refsource":"UBUNTU","tags":[],"title":"USN-4330-2: PHP vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2020/dsa-4717","name":"DSA-4717","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4717-1 php7.0","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-7066","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7066","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"64796c6e69 at gmail dot com","lang":""}],"nvd_cpes":[{"cve_year":"2020","cve_id":"7066","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7066","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7066","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7066","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7066","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php","cpe5":"php","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7066","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php","cpe5":"php","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7066","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tenable","cpe5":"tenable.sc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7066","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tenable","cpe5":"tenable.sc","cpe6":"5.19.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-7066","qid":"296074","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 22.69.4 Missing (CPUAPR2020)"},{"cve":"CVE-2020-7066","qid":"501137","title":"Alpine Linux Security Update for php7"},{"cve":"CVE-2020-7066","qid":"752878","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:4067-1)"},{"cve":"CVE-2020-7066","qid":"940250","title":"AlmaLinux Security Update for php:7.3 (ALSA-2020:3662)"},{"cve":"CVE-2020-7066","qid":"960421","title":"Rocky Linux Security Update for php:7.3 (RLSA-2020:3662)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@php.net","DATE_PUBLIC":"2020-03-17T05:39:00.000Z","ID":"CVE-2020-7066","STATE":"PUBLIC","TITLE":"get_headers() silently truncates after a null byte"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"PHP Group","product":{"product_data":[{"product_name":"PHP","version":{"version_data":[{"version_value":"7.2.x below 7.2.29"},{"version_value":"7.3.x below 7.3.16"},{"version_value":"7.4.x below 7.4.4"}]}}]}}]}},"credit":[{"lang":"eng","value":"64796c6e69 at gmail dot com"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-170 Improper Null Termination"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://bugs.php.net/bug.php?id=79329","name":"https://bugs.php.net/bug.php?id=79329"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20200403-0001/","url":"https://security.netapp.com/advisory/ntap-20200403-0001/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20200426 [SECURITY] [DLA 2188-1] php5 security update","url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html"},{"refsource":"UBUNTU","name":"USN-4330-2","url":"https://usn.ubuntu.com/4330-2/"},{"refsource":"SUSE","name":"openSUSE-SU-2020:0642","url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html"},{"refsource":"DEBIAN","name":"DSA-4717","url":"https://www.debian.org/security/2020/dsa-4717"},{"refsource":"DEBIAN","name":"DSA-4719","url":"https://www.debian.org/security/2020/dsa-4719"},{"refsource":"CONFIRM","name":"https://www.tenable.com/security/tns-2021-14","url":"https://www.tenable.com/security/tns-2021-14"}]},"source":{"defect":["https://bugs.php.net/bug.php?id=79329"],"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2020-04-01 04:15:00","lastModifiedDate":"2022-05-08 23:51:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3.0","versionEndExcluding":"7.3.16","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.29","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*","versionEndExcluding":"5.19.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tenable:tenable.sc:5.19.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"7066","Ordinal":"167337","Title":"CVE-2020-7066","CVE":"CVE-2020-7066","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"7066","Ordinal":"1","NoteData":"In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"7066","Ordinal":"2","NoteData":"2020-03-31","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"7066","Ordinal":"3","NoteData":"2021-07-22","Type":"Other","Title":"Modified"}]}}}