In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.
References
Link | Resource |
---|---|
https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44 | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20250523-0009/ | Third Party Advisory |
Configurations
History
02 Jul 2025, 20:13
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp
Php Php php Netapp ontap |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:* cpe:2.3:a:php:php:*:*:*:*:*:*:*:* |
|
References | () https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44 - Vendor Advisory | |
References | () https://security.netapp.com/advisory/ntap-20250523-0009/ - Third Party Advisory |
23 May 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Apr 2025, 20:26
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
30 Mar 2025, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-03-30 06:15
Updated : 2025-07-02 20:13
NVD link : CVE-2025-1734
Mitre link : CVE-2025-1734
CVE.ORG link : CVE-2025-1734
JSON object : View
Products Affected
netapp
- ontap
php
- php
CWE
CWE-20
Improper Input Validation