Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1398

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-1398
Last Modified 10 Oct 2013 11:34:31
Published 30 Aug 2012 06:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1398

Summary

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.

Vulnerable Systems

Application

  • Php 5.3.0

  • Php 5.3.1

  • Php 5.3.10

  • Php 5.3.2

  • Php 5.3.3

  • Php 5.3.4

  • Php 5.3.5

  • Php 5.3.6

  • Php 5.3.7

  • Php 5.3.8

  • Php 5.3.9


References

CONFIRM - https://bugs.php.net/bug.php?id=60227

CONFIRM - http://www.php.net/ChangeLog-5.php

CONFIRM - http://security-tracker.debian.org/tracker/CVE-2011-1398

MLIST - [oss-security] 20120829 php header() header injection detection bypass

MLIST - [oss-security] 20120905 Re: php header() header injection detection bypass

MLIST - [internals] 20120203 [PHP-DEV] The case of HTTP response splitting protection in PHP

UBUNTU - USN-1569-1

SECTRACK - 1027463

SUSE - SUSE-SU-2013:1315

SECUNIA - 55078

REDHAT - RHSA-2013:1307

Related Patches

Novell SUSE 2012:6777 apache2-mod_php5 security update for SLES 11 SP2 i586

Novell SUSE 2012:6777 apache2-mod_php5 security update for SLES 11 SP2 x86_64

Novell SUSE 2012:6778 apache2-mod_php53 security update for SLES 11 SP2 i586

Novell SUSE 2012:6778 apache2-mod_php53 security update for SLES 11 SP2 x86_64

Novell SUSE 2012:8293 apache2-mod_php5 security update for SLES 10 SP4 i586

Novell SUSE 2012:8293 apache2-mod_php5 security update for SLES 10 SP4 x86_64


Last Updated: 27 May 2016 11:00:25