CVE-2021-21702
Null Dereference in SoapClient
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
We have discovered 830,634 live websites that are affected by CVE-2021-21702.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 830,634 live websites (6.87% of PHP install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2021-21702 and the relative popularity of websitesDetails
- Published - Feb 1, 2021
- Updated - Oct 20, 2021
Credits
- Reported by jgalindo at datto dot com
CWE
CVE References
CWE References
Countries
 United States | 318,595 websites |
 France | 245,470 websites |
 Germany | 19,868 websites |
 Canada | 19,136 websites |
 GB | 18,692 websites |
 Russia | 18,623 websites |
 Poland | 16,405 websites |
 Spain | 14,311 websites |
 Italy | 14,285 websites |
 China | 13,428 websites |
TLDs
| .com | 428,585 websites |
| .fr | 109,155 websites |
| .org | 50,026 websites |
| .net | 26,427 websites |
| .ru | 15,624 websites |
| .be | 13,085 websites |
| .pl | 12,745 websites |
| .de | 11,669 websites |
| .co.uk | 11,601 websites |
| .ca | 11,188 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2021-21702 through included software libraries and plugins.References
- https://bugs.php.net/bug.php?id=80672
- https://www.debian.org/security/2021/dsa-4856
- https://security.gentoo.org/glsa/202105-23
- https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.tenable.com/security/tns-2021-14
- https://security.netapp.com/advisory/ntap-20210312-0005/
Websites affected by CVE-2021-21702
Top websites that are affected by CVE-2021-21702. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.*****.pl | Poland | *,*** | |
| *******.com | Germany | *,*** | |
| ***************.org | United States | *,*** | |
| ***.**.gov | United States | *,*** | |
| ******.com | France | *,*** | |
| **********.com | France | *,*** | |
| ********.org | United States | *,*** | |
| ***.*********.com | United States | *,*** | |
| ****.**********.***.uk | GB | *,*** | |
| ****.******.jp |  Japan | *,*** |