Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-8935

Опубликовано: 07 авг. 2016
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 6.1

Описание

The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

released

5.5.9+dfsg-1ubuntu4.19
precise

released

5.3.10-1ubuntu3.24
trusty

released

5.5.9+dfsg-1ubuntu4.19
trusty/esm

released

5.5.9+dfsg-1ubuntu4.19
upstream

released

5.5.22
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

not-affected

5.6.11+dfsg-1ubuntu3.4
xenial

DNE

Показывать по

РелизСтатусПримечание
devel

not-affected

7.0.7-4ubuntu2
esm-infra-legacy/trusty

DNE

esm-infra/xenial

not-affected

7.0.4-7ubuntu2.1
precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

not-affected

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 78%
0.0114
Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2015-8935

CVSS3: 3.1
redhat
почти 11 лет назад

The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.

nvd логотип

CVE-2015-8935

CVSS3: 6.1
nvd
около 9 лет назад

The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.

debian логотип

CVE-2015-8935

CVSS3: 6.1
debian
около 9 лет назад

The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x ...

github логотип

GHSA-xghf-rfpw-9v3h

CVSS3: 6.1
github
больше 3 лет назад

The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.

fstec логотип

BDU:2022-02517

CVSS3: 6.1
fstec
около 9 лет назад

Уязвимость функции sapi_header_op интерпретатора языка программирования PHP, позволяющая нарушителю провести XSS-атаки

EPSS

Процентиль: 78%
0.0114
Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Уязвимость CVE-2015-8935