PHP sapi_header_op HTTP Header Injection Vulnerability (CVE-2011-1398)
Publish date: 21 July 2015
Severity: Medium
CVE identifiers: 2011-1398
Advisory date: 21 July 2015
Description
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.
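The gap described above, shown as an added example (not PHP's code and not part of this advisory): a filter that looks only for LF accepts a URL-derived value carrying an encoded CR, while a filter that rejects CR, LF and NUL does not. The function names, the LF-only filter and the sample value are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode %XX escapes into dst (strlen(src) bytes); output is length-delimited. */
static size_t url_decode(const char *src, char *dst)
{
    size_t n = 0;
    while (*src) {
        if (src[0] == '%' && isxdigit((unsigned char)src[1]) && isxdigit((unsigned char)src[2])) {
            char hex[3] = { src[1], src[2], '\0' };
            dst[n++] = (char)strtol(hex, NULL, 16);
            src += 3;
        } else {
            dst[n++] = *src++;
        }
    }
    return n;
}

/* Assumed incomplete filter: looks for LF only, never examines CR. */
static int header_ok_lf_only(const char *v, size_t len)
{
    return memchr(v, '\n', len) == NULL;
}

/* Strict filter: CR, LF or NUL anywhere in the value rejects it. */
static int header_ok_strict(const char *v, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (v[i] == '\r' || v[i] == '\n' || v[i] == '\0')
            return 0;
    return 1;
}

/* Decode a raw URL parameter, then apply one of the two filters. */
static int check_param(const char *raw, int strict)
{
    char buf[256];
    if (strlen(raw) >= sizeof buf) return 0;
    size_t len = url_decode(raw, buf);
    return strict ? header_ok_strict(buf, len) : header_ok_lf_only(buf, len);
}

int main(void)
{
    const char *s = "/next%0DX-Constructed: 1"; /* constructed sample, CR only */
    printf("lf-only=%d strict=%d\n", check_param(s, 0), check_param(s, 1));
}
```

Validation runs on the decoded bytes with an explicit length, so an encoded NUL cannot hide the rest of the value from the check.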
Information disclosure
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Name: 1000128 - HTTP Protocol Decoding
Affected software and version
- php php 5.3.0
- php php 5.3.1
- php php 5.3.10
- php php 5.3.2
- php php 5.3.3
- php php 5.3.4
- php php 5.3.5
- php php 5.3.6
- php php 5.3.7
- php php 5.3.8
- php php 5.3.9