Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-1398
HistoryAug 30, 2012 - 12:00 a.m.

CVE-2011-1398

2012-08-3000:00:00
ubuntu.com
ubuntu.com
10

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.014 Low

EPSS

Percentile

86.3%

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x
before 5.4.0RC2 does not check for %0D sequences (aka carriage return
characters), which allows remote attackers to bypass an HTTP
response-splitting protection mechanism via a crafted URL, related to
improper interaction between the PHP header function and certain browsers,
as demonstrated by Internet Explorer and Google Chrome.

Bugs

Notes

Author Note
tyhicks Incomplete fix is tracked as CVE-2012-4388
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.26UNKNOWN
ubuntu10.04noarchphp5< 5.3.2-1ubuntu4.18UNKNOWN
ubuntu11.04noarchphp5< 5.3.5-1ubuntu7.11UNKNOWN
ubuntu11.10noarchphp5< 5.3.6-13ubuntu3.9UNKNOWN
ubuntu12.04noarchphp5< 5.3.10-1ubuntu3.4UNKNOWN

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.014 Low

EPSS

Percentile

86.3%