Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2012-4388

Published: 7 September 2012

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398.

Notes

AuthorNote
tyhicks
5.4.x, before 5.4.1-rc1 received the incomplete fix
mdeslaur
Incomplete fix for CVE-2011-1398, see CVE-2011-1398 for
regression fix commits

Priority

Medium

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
hardy
Released (5.2.4-2ubuntu5.26)
lucid
Released (5.3.2-1ubuntu4.18)
natty
Released (5.3.5-1ubuntu7.11)
oneiric
Released (5.3.6-13ubuntu3.9)
precise
Released (5.3.10-1ubuntu3.4)
upstream
Released (5.3.11,5.4.1~rc1-1)