Lucene search
PRIOn knowledge basePRION:CVE-2015-8935HistoryAug 07, 2016 - 10:59 a.m.
Cross site scripting
2016-08-0710:59:00
PRIOn knowledge base
www.prio-n.com
4
The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.
| CPE | Name | Operator | Version |
|---|---|---|---|
| php | eq | 5.6.1 | |
| php | eq | 5.5.0 alpha1 | |
| php | eq | 5.6.0 alpha5 | |
| php | eq | 5.6.5 | |
| php | eq | 5.5.0 alpha3 | |
| php | eq | 5.5.19 | |
| php | eq | 5.5.0 beta3 | |
| php | eq | 5.5.0 | |
| php | eq | 5.6.0 beta2 | |
| php | eq | 5.6.0 beta1 |
References
lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html
lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
rhn.redhat.com/errata/RHSA-2016-2750.html
www.openwall.com/lists/oss-security/2016/06/20/3
bugs.php.net/bug.php?id=68978
github.com/php/php-src/commit/996faf964bba1aec06b153b370a7f20d3dd2bb8b?w=1
Related
nvd
nvd
CVE-2015-8935
2016-08-07 10:59:01
ubuntucve
ubuntucve
CVE-2015-8935
2016-06-21 00:00:00
cve
cve
CVE-2015-8935
2016-08-07 10:59:01
f5
f5
SOL63712424 - PHP vulnerability CVE-2015-8935
2016-10-18 00:00:00
K63712424 : PHP vulnerability CVE-2015-8935
2016-10-18 00:00:00
openvas
openvas
PHP Cross-Site Scripting Vulnerability (Aug 2016) - Windows
2016-08-17 00:00:00
F5 BIG-IP - PHP vulnerability CVE-2015-8935
2016-10-24 00:00:00
PHP Cross-Site Scripting Vulnerability (Aug 2016) - Linux
2016-08-17 00:00:00
hackerone
hackerone
cvelist
cvelist
CVE-2015-8935
2016-08-07 10:00:00
nessus
nessus
F5 Networks BIG-IP : PHP vulnerability (SOL63712424)
2016-10-19 00:00:00
SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2013-1)
2016-09-02 00:00:00
openSUSE Security Update : shotwell (openSUSE-2016-844)
2016-03-23 00:00:00
ibm
ibm
suse
suse
Security update for php53 (important)
2016-08-09 17:37:56
Security update for php5 (important)
2016-07-07 18:08:23
Security update for php5 (important)
2016-08-16 13:10:01
veracode
veracode
Cross-Site Scripting (XSS)
2019-05-02 05:39:30
cloudfoundry
cloudfoundry
USN-3045-1 PHP vulnerabilities | Cloud Foundry
2016-09-09 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2016-08-02 00:00:00
redhat
redhat
(RHSA-2015:1066) Important: php54 security and bug fix update
2015-06-04 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45