{"id":"CVE-2017-7272","details":"PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.","modified":"2026-05-17T11:54:46.385594311Z","published":"2017-03-27T17:59:00.977Z","related":["SUSE-SU-2017:1585-1","SUSE-SU-2017:1709-1"],"database_specific":{},"references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1038158"},{"type":"WEB","url":"https://bugs.php.net/bug.php?id=75505"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97178"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20180112-0001/"},{"type":"ADVISORY","url":"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170403-0_PHP_Misbehavior_of_fsockopen_function_v10.txt"},{"type":"REPORT","url":"https://bugs.php.net/bug.php?id=74216"},{"type":"FIX","url":"https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"}]}