OSVDB ID: 85086

Title: PHP main/SAPI.c sapi_header_op Function %0D Sequence Handling HTTP Response Splitting Protection Bypass

Info

Disclosure

Nov 06, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Apr 26, 2012

Description

PHP contains a flaw that allows an attacker to bypass protection against HTTP response splitting attacks. This flaw exists because the sapi_header_op function in main/SAPI.c does not properly handle %0D sequences. This may allow an attacker to bypass protection against the insertion of arbitrary HTTP headers, which are included in a response sent to the server. If an application does not properly filter such a request, it could be used to inject additional headers that manipulate cookies, authentication status, or more.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 5.3.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

The PHP Group

PHP

5.3.10

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/85086