Back to search
CVE-2011-1398
Published: Aug 30, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20120905 Re: php header() header injection detection bypass
mailing-list
x_refsource_MLIST
http://security-tracker.debian.org/tracker/CVE-2011-1398
x_refsource_CONFIRM
1027463
vdb-entry
x_refsource_SECTRACK
55078
third-party-advisory
x_refsource_SECUNIA
https://bugs.php.net/bug.php?id=60227
x_refsource_MISC
RHSA-2013:1307
vendor-advisory
x_refsource_REDHAT
[oss-security] 20120829 php header() header injection detection bypass
mailing-list
x_refsource_MLIST
SUSE-SU-2013:1315
vendor-advisory
x_refsource_SUSE
[internals] 20120203 [PHP-DEV] The case of HTTP response splitting protection in PHP
mailing-list
x_refsource_MLIST
USN-1569-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now