CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
86.6%
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0
does not properly determine a pointer during checks for %0D sequences (aka
carriage return characters), which allows remote attackers to bypass an
HTTP response-splitting protection mechanism via a crafted URL, related to
improper interaction between the PHP header function and certain browsers,
as demonstrated by Internet Explorer and Google Chrome. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2011-1398.
Author | Note |
---|---|
tyhicks | 5.4.x, before 5.4.1-rc1 received the incomplete fix |
mdeslaur | Incomplete fix for CVE-2011-1398, see CVE-2011-1398 for regression fix commits |