Summary
This host is running PHP and is prone to an HTTP header injection vulnerability.
Impact
Successful exploitation could allow remote attackers to insert arbitrary headers and conduct cross-site request forgery, cross-site scripting, HTML injection, and other attacks.
Impact Level: Application
Solution
Upgrade to PHP 5.4.1 RC1 or later.
For updates, refer to http://www.php.net/downloads.php
Insight
The sapi_header_op function in main/SAPI.c in PHP does not properly determine a pointer during checks for %0D (carriage return) sequences.
Affected
PHP versions prior to 5.3.11
PHP versions 5.4.x through 5.4.0RC2
References
Severity
Classification
CVE: CVE-2011-1398, CVE-2012-4388
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N