PHP 'main/SAPI.c' CVE-2012-4388 HTTP Header Injection Vulnerability
PHP is prone to a vulnerability that allows attackers to inject arbitrary headers through a URL.
By inserting arbitrary headers, attackers may be able to launch cross-site request-forgery, cross-site scripting, HTML-injection, and other attacks.
Note that this issue exists due to an incomplete fix for CVE-2011-1398 (BID 55297 PHP 'header()' HTTP Header Injection Vulnerability).
PHP 5.4.0RC2 through 5.4.0 are vulnerable.