CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-4388

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.031

EPSS Ranking 86.2%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2012-4388

Php » Php » Version: 5.3.0

cpe:2.3:a:php:php:5.3.0
Php » Php » Version: 5.3.1

cpe:2.3:a:php:php:5.3.1
Php » Php » Version: 5.3.10

cpe:2.3:a:php:php:5.3.10
Php » Php » Version: 5.3.2

cpe:2.3:a:php:php:5.3.2
Php » Php » Version: 5.3.3

cpe:2.3:a:php:php:5.3.3
Php » Php » Version: 5.3.4

cpe:2.3:a:php:php:5.3.4
Php » Php » Version: 5.3.5

cpe:2.3:a:php:php:5.3.5
Php » Php » Version: 5.3.6

cpe:2.3:a:php:php:5.3.6
Php » Php » Version: 5.3.7

cpe:2.3:a:php:php:5.3.7
Php » Php » Version: 5.3.8

cpe:2.3:a:php:php:5.3.8
Php » Php » Version: 5.3.9

cpe:2.3:a:php:php:5.3.9
Php » Php » Version: 5.4.0

cpe:2.3:a:php:php:5.4.0
Canonical » Ubuntu Linux » Version: 10.04

cpe:2.3:o:canonical:ubuntu_linux:10.04
Canonical » Ubuntu Linux » Version: 11.04

cpe:2.3:o:canonical:ubuntu_linux:11.04
Canonical » Ubuntu Linux » Version: 11.10

cpe:2.3:o:canonical:ubuntu_linux:11.10
Canonical » Ubuntu Linux » Version: 12.04

cpe:2.3:o:canonical:ubuntu_linux:12.04
Canonical » Ubuntu Linux » Version: 8.04

cpe:2.3:o:canonical:ubuntu_linux:8.04
Debian » Debian Linux » Version: 6.0

cpe:2.3:o:debian:debian_linux:6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-4388

Products

Pricing

Contact Us