Back to search
CVE-2015-8935
Published: Aug 7, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
openSUSE-SU-2016:1761
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2016:1922
vendor-advisory
x_refsource_SUSE
RHSA-2016:2750
vendor-advisory
x_refsource_REDHAT
[oss-security] 20160620 CVE request for PHP bug #68978: "XSS in header() with Internet Explorer" (2015)
mailing-list
x_refsource_MLIST
https://bugs.php.net/bug.php?id=68978
x_refsource_CONFIRM
SUSE-SU-2016:2013
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now