Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2012-4388
Last Modified 11 Sep 2013 11:28:21
Published 07 Sep 2012 06:55:02
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4388

Summary

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398.

Vulnerable Systems

Application

  • PHP 5.4.0


References

MISC - https://bugs.php.net/bug.php?id=60227

CONFIRM - http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/SAPI.c?r1=323986&r2=323985&pathrev=323986

CONFIRM - http://security-tracker.debian.org/tracker/CVE-2012-4388

MLIST - [oss-security] 20120906 Re: Re: php header() header injection detection bypass

MLIST - [oss-security] 20120905 Re: php header() header injection detection bypass

MLIST - [oss-security] 20120901 Re: php header() header injection detection bypass

MLIST - [oss-security] 20120829 php header() header injection detection bypass

MLIST - [internals] 20120203 [PHP-DEV] The case of HTTP response splitting protection in PHP

UBUNTU - USN-1569-1

SECTRACK - 1027463

SUSE - SUSE-SU-2013:1315


Last Updated: 27 May 2016 11:00:31