发布于3月6日3月6日 Members Juniper Junos OS: 2024-10 Security Bulletin: Junos OS: J-Web: Multiple vulnerabilities resolved in PHP software. (JSA88120) (multiple CVEs) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/01/2023 Created 10/18/2024 Added 10/14/2024 Modified 10/18/2024 Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. Solution(s) juniper-junos-os-upgrade-latest References https://attackerkb.com/topics/cve-2023-0567 CVE - 2023-0567 CVE - 2023-0662 CVE - 2023-3823 JSA88120
