High severity7.4NVD Advisory· Published Mar 27, 2017· Updated Jun 17, 2026
CVE-2017-7272
CVE-2017-7272
Description
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords3 versionspkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
< 5.3.17-108.1+ 2 more
- (no CPE)range: < 5.3.17-108.1
- (no CPE)range: < 5.3.17-108.1
- (no CPE)range: < 5.3.17-108.1
Patches
Vulnerability mechanics
References
7- github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595anvdIssue TrackingPatchThird Party Advisory
- www.securityfocus.com/bid/97178nvdThird Party AdvisoryVDB Entry
- bugs.php.net/bug.phpnvdIssue TrackingVendor Advisory
- www.securitytracker.com/id/1038158nvd
- bugs.php.net/bug.phpnvd
- security.netapp.com/advisory/ntap-20180112-0001/nvd
- www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170403-0_PHP_Misbehavior_of_fsockopen_function_v10.txtnvd
News mentions
0No linked articles in our index yet.