Описание
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | php | Out of support scope | ||
| Red Hat Enterprise Linux 7 | php | Out of support scope | ||
| Red Hat Enterprise Linux 8 | php:7.4/php | Fix deferred | ||
| Red Hat Enterprise Linux 8 | php:8.2/php | Fix deferred | ||
| Red Hat Enterprise Linux 10 | php | Fixed | RHSA-2025:7489 | 13.05.2025 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2025:4263 | 28.04.2025 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2025:7418 | 13.05.2025 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2025:7431 | 13.05.2025 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2025:7432 | 13.05.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.7 Low
CVSS3
Связанные уязвимости
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...
Header parser of `http` stream wrapper does not handle folded headers
EPSS
3.7 Low
CVSS3