Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2012-4388

Опубликовано: 07 сент. 2012
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3

Описание

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398.

РелизСтатусПримечание
devel

not-affected

5.4.6-1ubuntu1
hardy

released

5.2.4-2ubuntu5.26
lucid

released

5.3.2-1ubuntu4.18
natty

released

5.3.5-1ubuntu7.11
oneiric

released

5.3.6-13ubuntu3.9
precise

released

5.3.10-1ubuntu3.4
upstream

released

5.3.11,5.4.1~rc1-1

Показывать по

EPSS

Процентиль: 84%
0.02219
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

redhat
почти 13 лет назад

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398.

nvd
почти 13 лет назад

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398.

debian
почти 13 лет назад

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4 ...

github
больше 3 лет назад

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398.

EPSS

Процентиль: 84%
0.02219
Низкий

4.3 Medium

CVSS2