CVE-2023-3247

Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce.

We have discovered 1,061,221 live websites that are affected by CVE-2023-3247.

Affected Software


Product	PHP
Category	Programming Languages
Vulnerable Versions	from 8 before 8.0.29 from 8.1 before 8.1.20 from 8.2 before 8.2.7
Total Vulnerable Versions	507
Vulnerable Domains	1,061,221 live websites (8.77% of PHP install base)

Common Weakness Enumeration

CWE-252 Unchecked Return Value

Distribution by Website Rank

The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-3247 and the relative popularity of websites

Available Reports

Website List

Details

Published - Jul 22, 2023
Updated - Jul 22, 2023

Credits

Niels Dossche (reporter)
Tim Düsterhus (reporter)

CWE

CWE-252

CVE References

CWE References

cwe.mitre.org

Countries

United States	242,363 websites

Germany	474,694 websites
France	100,403 websites
Netherlands	24,396 websites
GB	21,447 websites
Russia	18,754 websites
Canada	14,103 websites
Italy	12,722 websites
Japan	11,161 websites
Spain	10,596 websites

TLDs

.com	548,857 websites
.de	94,650 websites
.org	58,602 websites
.fr	44,642 websites
.net	41,402 websites
.nl	21,254 websites
.ru	16,349 websites
.co.uk	15,617 websites
.info	10,855 websites
.it	10,838 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Geographical Distribution

The distribution of websites across the globe that are exposed to CVE-2023-3247 through included software libraries and plugins.

References

https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw

Websites affected by CVE-2023-3247

Top websites that are affected by CVE-2023-3247. Please click on the "Contact us" button above to get more information.

Domain	Country	Rank
************.com	Germany	***
*.****.net	Germany	,**
****.com	China	,**
*.**.com	China	,**
***************.org	United States	,**
******.org	United States	,**
*************.vip	United States	,**
********.org	United States	,**
*.*************.com	Croatia	,**
***************.org	United States	,**

See full domain list