Test ID:	1.3.6.1.4.1.25623.1.0.71867
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: php5
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory.
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: php5 php52 php53 CVE-2011-1398 The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 does not properly handle %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1398 https://bugs.php.net/bug.php?id=60227 http://article.gmane.org/gmane.comp.php.devel/70584 http://openwall.com/lists/oss-security/2012/08/29/5 http://openwall.com/lists/oss-security/2012/09/05/15 RedHat Security Advisories: RHSA-2013:1307 http://rhn.redhat.com/errata/RHSA-2013-1307.html http://www.securitytracker.com/id?1027463 http://secunia.com/advisories/55078 SuSE Security Announcement: SUSE-SU-2013:1315 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html http://www.ubuntu.com/usn/USN-1569-1
Copyright	Copyright (C) 2012 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.