Lucene search

K
ubuntucveUbuntu.comUB:CVE-2012-4388
HistorySep 07, 2012 - 12:00 a.m.

CVE-2012-4388

2012-09-0700:00:00
ubuntu.com
ubuntu.com
13

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

85.7%

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0
does not properly determine a pointer during checks for %0D sequences (aka
carriage return characters), which allows remote attackers to bypass an
HTTP response-splitting protection mechanism via a crafted URL, related to
improper interaction between the PHP header function and certain browsers,
as demonstrated by Internet Explorer and Google Chrome. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2011-1398.

Bugs

Notes

Author Note
tyhicks 5.4.x, before 5.4.1-rc1 received the incomplete fix
mdeslaur Incomplete fix for CVE-2011-1398, see CVE-2011-1398 for regression fix commits
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.26UNKNOWN
ubuntu10.04noarchphp5< 5.3.2-1ubuntu4.18UNKNOWN
ubuntu11.04noarchphp5< 5.3.5-1ubuntu7.11UNKNOWN
ubuntu11.10noarchphp5< 5.3.6-13ubuntu3.9UNKNOWN
ubuntu12.04noarchphp5< 5.3.10-1ubuntu3.4UNKNOWN

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

85.7%