QwikSec

Security Database

CVE

CWE

Training

CVE-2012-4388

Published: Sep 7, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://security-tracker.debian.org/tracker/CVE-2012-4388

x_refsource_CONFIRM

[oss-security] 20120905 Re: php header() header injection detection bypass

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_SECTRACK

[oss-security] 20120906 Re: Re: php header() header injection detection bypass

mailing-list

x_refsource_MLIST

http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/SAPI.c?r1=323986&r2=323985&pathrev=323986

x_refsource_CONFIRM

https://bugs.php.net/bug.php?id=60227

x_refsource_MISC

[oss-security] 20120829 php header() header injection detection bypass

mailing-list

x_refsource_MLIST

[oss-security] 20120901 Re: php header() header injection detection bypass

mailing-list

x_refsource_MLIST

SUSE-SU-2013:1315

vendor-advisory

x_refsource_SUSE

[internals] 20120203 [PHP-DEV] The case of HTTP response splitting protection in PHP

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.