CVE-2023-3247
Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
Publication Date | 2023-06-08 |
---|---|
Severity | Critical |
Type | Cross-Site Request Forgery |
Affected PHP Versions | |
Fixed Product Versions | |
CVE Details
When using HTTP Digest authentication via the SOAP extension, an attacker may be able to spoof credentials in order to utilize the web service.
Recommendations
If you use HTTP Digest authentication with the SOAP extension, we recommend updating PHP immediately to a version that has patched the vulnerability. If you are unable to do so, we recommend moving HTTP Digest authentication out of PHP and into your web server as a mitigation.