CVE-2012-4388

 

Published at: - 08-09-2012 12:55

Last modified: - 19-01-2023 05:30

Total changes: - 2

Description

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:N/I:P/A:N

 

Verification logic

 

Reference

• [oss-security] 20120829 php header() header injection detection bypass-Mailing List, Third Party Advisory
• [oss-security] 20120906 Re: Re: php header() header injection detection bypass-Mailing List, Third Party Advisory
• [oss-security] 20120901 Re: php header() header injection detection bypass-Mailing List, Third Party Advisory
• [internals] 20120203 [PHP-DEV] The case of HTTP response splitting protection in PHP-Broken Link
• http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/SAPI.c?r1=323986&r2=323985&pathrev=323986
• [oss-security] 20120905 Re: php header() header injection detection bypass-Mailing List, Third Party Advisory
• https://bugs.php.net/bug.php?id=60227
• http://security-tracker.debian.org/tracker/CVE-2012-4388
• USN-1569-1-Third Party Advisory
• 1027463-Third Party Advisory, VDB Entry
• SUSE-SU-2013:1315-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2012-4388

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures