Release date: 2012-09-05
Updated on:
Affected Systems:
PHP 5.4.0RC2-5.4.0
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 55527
CVE ID: CVE-2012-4388
PHP is an HTML-embedded scripting language, similar to Microsoft's ASP. Scripts are executed on the server side and embedded in HTML documents; the language's syntax resembles C, and it is widely used by website programmers.
In PHP 5.4.0RC2-5.4.0, the sapi_header_op function in main/SAPI.c does not correctly determine a pointer when checking for the %0D sequence. Remote attackers can bypass the HTTP response-splitting protection mechanism through specially crafted URLs; the issue is related to the PHP header function not interacting properly with some browsers.
<* Source: Mr. Tokumaru
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
PHP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.php.net
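
The check at issue in the description, shown as an application-side validation of a URL parameter before it is placed in a response header. This is an added example, not PHP's code from main/SAPI.c; the function names, the 256-byte buffer and the sample inputs are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode %XX escapes into dst (needs strlen(src)+1 bytes); returns decoded length.
   Malformed escapes are copied through unchanged. */
size_t percent_decode(const char *src, char *dst) {
    size_t n = 0;
    while (*src) {
        int hi = -1, lo = -1;
        if (src[0] == '%' && (hi = hexval((unsigned char)src[1])) >= 0
                && (lo = hexval((unsigned char)src[2])) >= 0) {
            dst[n++] = (char)(hi * 16 + lo);
            src += 3;
        } else {
            dst[n++] = *src++;
        }
    }
    dst[n] = '\0';
    return n;
}

/* 1 if the value fits on one header line. A bare CR (%0D) is rejected on its own, not
   only as part of CRLF; scanning by length keeps an embedded NUL from hiding later bytes. */
int header_value_is_safe(const char *val, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (val[i] == '\r' || val[i] == '\n' || val[i] == '\0') return 0;
    return 1;
}

/* Hypothetical helper: decode a raw URL parameter, then validate the decoded bytes. */
int redirect_target_is_safe(const char *raw) {
    char buf[256];
    if (strlen(raw) >= sizeof buf) return 0;   /* too long for this example */
    return header_value_is_safe(buf, percent_decode(raw, buf));
}

int main(void) {
    const char *samples[] = { "/home", "/home%0DX-Test:%201", "/home%0A" }; /* constructed */
    for (size_t i = 0; i < 3; i++)
        printf("%-22s -> %s\n", samples[i], redirect_target_is_safe(samples[i]) ? "ok" : "reject");
    return 0;
}
```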