
Test ID: 1.3.6.1.4.1.25623.1.0.802966
Category: Web application abuses
Title: PHP 'main/SAPI.c' HTTP Header Injection Vulnerability
Summary: PHP is prone to an HTTP header injection vulnerability.
Description:

Vulnerability Insight:
The sapi_header_op function in main/SAPI.c in PHP does not properly determine
a pointer during checks for %0D sequences.

Vulnerability Impact:
Successful exploitation could allow remote attackers to insert arbitrary
headers and conduct cross-site request forgery, cross-site scripting,
HTML injection, and other attacks.

Affected Software/OS:
PHP versions prior to 5.3.11, PHP versions 5.4.x through 5.4.0RC2 on Windows

Solution:
Update to PHP 5.4.1 RC1 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref:
BugTraq ID: 55527
BugTraq ID: 55297
Common Vulnerability Exposure (CVE) ID: CVE-2012-4388
https://bugs.php.net/bug.php?id=60227
http://article.gmane.org/gmane.comp.php.devel/70584
http://openwall.com/lists/oss-security/2012/08/29/5
http://openwall.com/lists/oss-security/2012/09/02/1
http://openwall.com/lists/oss-security/2012/09/05/15
http://openwall.com/lists/oss-security/2012/09/07/3
http://www.securitytracker.com/id?1027463
SuSE Security Announcement: SUSE-SU-2013:1315
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html
http://www.ubuntu.com/usn/USN-1569-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-1398
RedHat Security Advisories: RHSA-2013:1307
http://rhn.redhat.com/errata/RHSA-2013-1307.html
http://secunia.com/advisories/55078
Copyright: Copyright (C) 2012 Greenbone Networks GmbH
