PHP 'main/SAPI.c' CVE-2012-4388 HTTP Header Injection Vulnerability

PHP is prone to a vulnerability that allows attackers to inject arbitrary headers through a URL.

By inserting arbitrary headers, attackers may be able to launch cross-site request forgery, cross-site scripting, HTML-injection, and other attacks.

Note that this issue exists due to an incomplete fix for CVE-2011-1398 (BID 55297 PHP 'header()' HTTP Header Injection Vulnerability).

PHP 5.4.0RC2 through 5.4.0 are vulnerable.
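
As a defense in depth for applications that build headers from request data, the following added example (not PHP's own code and not the vendor fix) validates header names and values before they reach header(), regardless of interpreter version. The function names and sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example: application-level guard in front of header().
// Function names are hypothetical; sample values are constructed.

/** True only if $name is a valid HTTP field name (RFC 7230 token). */
function is_valid_header_name(string $name): bool
{
    return preg_match('/\A[!#$%&\'*+\-.^_`|~0-9A-Za-z]+\z/', $name) === 1;
}

/**
 * True only if $value contains no CR, LF, NUL or other control bytes.
 * Horizontal tab (0x09) is permitted inside a field value.
 */
function is_valid_header_value(string $value): bool
{
    return preg_match('/[\x00-\x08\x0A-\x1F\x7F]/', $value) === 0;
}

/** Emit a header only after both parts pass validation. */
function safe_header(string $name, string $value): void
{
    if (!is_valid_header_name($name) || !is_valid_header_value($value)) {
        // Reject rather than strip: silently rewriting input hides the attempt from logs.
        throw new InvalidArgumentException('Refusing to emit header containing control characters');
    }
    header($name . ': ' . $value);
}

// Constructed inputs, as they might look after URL decoding of a redirect parameter.
$samples = [
    'clean'   => '/account/home',
    'crlf'    => "/home\r\nX-Injected: constructed",
    'bare_cr' => "/home\rX-Injected: constructed",
    'bare_lf' => "/home\nX-Injected: constructed",
    'nul'     => "/home\0X-Injected: constructed",
];

foreach ($samples as $label => $target) {
    // Only the validator is exercised here so the script also runs cleanly from the CLI.
    printf("%-8s %s\n", $label, is_valid_header_value($target) ? 'accepted' : 'rejected');
}
```

In application code, call safe_header('Location', $target) in place of header() and log the exception together with the request details.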


 

Copyright 2010, SecurityFocus