CVE-2011-1398

Published: 30/08/2012 Updated: 11/10/2013
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The sapi_header_op function in main/SAPI.c in PHP prior to 5.3.11 and 5.4.x prior to 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote malicious users to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.

Vulnerable Product

php php 5.3.7

php php 5.3.6

php php 5.3.5

php php 5.3.9

php php 5.3.8

php php 5.3.0

php php

php php 5.3.2

php php 5.3.1

php php 5.3.4

php php 5.3.3

Vendor Advisories

Several security issues were fixed in PHP ...
Synopsis Moderate: php security, bug fix and enhancement update Type/Severity Security Advisory: Moderate Topic Updated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this up ...
Synopsis Moderate: php53 security, bug fix and enhancement update Type/Severity Security Advisory: Moderate Topic Updated php53 packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this ...
Synopsis Critical: php security update Type/Severity Security Advisory: Critical Topic Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scori ...

Exploits

source: www.securityfocus.com/bid/55297/info PHP is prone to a vulnerability that allows attackers to inject arbitrary headers through a URL. By inserting arbitrary headers, attackers may be able to launch cross-site request-forgery, cross-site scripting, HTML-injection, and other attacks. PHP 5.1.2 is vulnerable; other versions may also ...