NVD

Id
8342  
Name
CVE-2011-1398  
Description
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-07  
Published
2012-08-30  
Modified Date
2013-10-10  
Seq
2011-1398  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
47776 8342 CVE-2011-1398 [internals] 20120203 [PHP-DEV] The case of HTTP response splitting protection in PHP  View
47777 8342 CVE-2011-1398 SUSE-SU-2013:1315  View
47778 8342 CVE-2011-1398 [oss-security] 20120829 php header() header injection detection bypass  View
47779 8342 CVE-2011-1398 [oss-security] 20120905 Re: php header() header injection detection bypass  View
47780 8342 CVE-2011-1398 RHSA-2013:1307  View
47781 8342 CVE-2011-1398 http://security-tracker.debian.org/tracker/CVE-2011-1398  View
47782 8342 CVE-2011-1398 1027463  View
47783 8342 CVE-2011-1398 USN-1569-1  View
47784 8342 CVE-2011-1398 https://bugs.php.net/bug.php?id=60227  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
28303 JVNDB-2012-004010 PHP の main/SAPI.c における HTTP レスポンス分割の保護メカニズムを回避される脆弱性 PHP の main/SAPI.c 内の sapi_header_op 関数は、%0D シーケンス (キャリッジリターンを含む文字列) を適切に処理しないため、HTTP レスポンス分割の保護メカニズムを回避される脆弱性が存在します。 CVE-2011-1398 49305 CVE-2011-1398 8342 4.3 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004010.html 2012-04-26 2012-09-03 View