CVE-2012-4388

Publication date 7 September 2012

Last updated 24 July 2024

Ubuntu priority

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
php5	12.04 LTS precise	Fixed 5.3.10-1ubuntu3.4
	11.10 oneiric	Fixed 5.3.6-13ubuntu3.9
	11.04 natty	Fixed 5.3.5-1ubuntu7.11
	10.04 LTS lucid	Fixed 5.3.2-1ubuntu4.18
	8.04 LTS hardy	Fixed 5.2.4-2ubuntu5.26

Notes

tyhicks

5.4.x, before 5.4.1-rc1 received the incomplete fix

mdeslaur

Incomplete fix for CVE-2011-1398, see CVE-2011-1398 for regression fix commits

References

Related Ubuntu Security Notices (USN)

USN-1569-1
PHP vulnerabilities
17 September 2012

CVE-2012-4388

Status

Notes

References

Related Ubuntu Security Notices (USN)

Other references