CVELIST:CVE-2011-1398 (cvelist, Mitre)
History: Aug 30, 2012 - 10:00 p.m.

CVE-2011-1398

2012-08-30 22:00:00
mitre
www.cve.org

AI Score: 6.2 Medium (Confidence: Low)

EPSS: 0.013 Low (Percentile: 85.7%)

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.
