PHP 'header()' HTTP Header Injection Vulnerability

PHP is prone to a vulnerability that allows attackers to inject arbitrary headers through a URL.

By inserting arbitrary headers, attackers may be able to launch cross-site request-forgery, cross-site scripting, HTML-injection, and other attacks.

PHP 5.1.2 is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus