FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-1398

This CVE name corresponds to:

Entered Topic
2012-09-05 php5 -- header splitting attack via carriage-return character

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2011-1398
Phase Assigned (20110310)

Description

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.

References

Source Reference
MLIST [internals] 20120203 [PHP-DEV] The case of HTTP response splitting protection in PHP
MLIST [oss-security] 20120829 php header() header injection detection bypass
MLIST [oss-security] 20120905 Re: php header() header injection detection bypass
MISC https://bugs.php.net/bug.php?id=60227
CONFIRM http://security-tracker.debian.org/tracker/CVE-2011-1398
REDHAT RHSA-2013:1307
SUSE SUSE-SU-2013:1315
UBUNTU USN-1569-1
SECTRACK 1027463
SECUNIA 55078