Описание
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.
A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | php | Out of support scope | ||
| Red Hat Enterprise Linux 7 | php | Out of support scope | ||
| Red Hat Enterprise Linux 8 | php:7.4/php | Affected | ||
| Red Hat Enterprise Linux 8 | php:8.2/php | Affected | ||
| Red Hat Enterprise Linux 10 | php | Fixed | RHSA-2025:7489 | 13.05.2025 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2025:4263 | 28.04.2025 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2025:7418 | 13.05.2025 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2025:7431 | 13.05.2025 |
| Red Hat Enterprise Linux 9 | php | Fixed | RHSA-2025:7432 | 13.05.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.7 Low
CVSS3
Связанные уязвимости
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...
Stream HTTP wrapper header check might omit basic auth header
EPSS
3.7 Low
CVSS3