Innovate faster and cut risk with PHP experts from Zend Services.
Learn PHP from PHP experts with free, on-demand, and instructor led courses.
Submit support requests and browse self-service resources.
Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
When using HTTP Digest authentication via the SOAP extension, an attacker may be able to spoof credentials in order to utilize the web service.
If using the HTTP Digest authentication with the SOAP extension, we recommend updating your PHP version immediately to one that has patched the vulnerability. If you are unable to do so, we recommend moving the HTTP Digest authentication out of PHP and into your web server as a mitigation.
Direct link to CVE-2023-3247 >
< View all CVEs