exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2011-1398

Status Candidate

Overview

The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.

Related Files

Red Hat Security Advisory 2013-1814-01
Posted Dec 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1814-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2011-1398, CVE-2012-2688, CVE-2013-1643, CVE-2013-6420
SHA-256 | a4e1d08541902fd7fe4e90fbe8ae7921cd07ad583ab8f09120fdca658d4ada1c
Red Hat Security Advisory 2013-1307-01
Posted Oct 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1307-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks.

tags | advisory, remote, web, php
systems | linux, redhat
advisories | CVE-2006-7243, CVE-2011-1398, CVE-2012-0831, CVE-2012-2688, CVE-2013-1643, CVE-2013-4248
SHA-256 | 329966a55bfeee91b34efdf6e4c6fdb40fa5bff4b1c4705ad759326610acb9fd
Red Hat Security Advisory 2013-0514-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0514-02 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2011-1398, CVE-2012-0831, CVE-2012-2688
SHA-256 | 51ca25f841a5b9db7f1889bde177da130e829b07d0bf513a8219250ea936a8f8
Gentoo Linux Security Advisory 201209-03
Posted Sep 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-3 - Multiple vulnerabilities were found in PHP, the worst of which lead to remote execution of arbitrary code. Versions less than 5.3.15 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2011-1398, CVE-2011-3379, CVE-2011-4566, CVE-2011-4885, CVE-2012-0057, CVE-2012-0788, CVE-2012-0789, CVE-2012-0830, CVE-2012-0831, CVE-2012-1172, CVE-2012-1823, CVE-2012-2143, CVE-2012-2311, CVE-2012-2335, CVE-2012-2336, CVE-2012-2386, CVE-2012-2688, CVE-2012-3365, CVE-2012-3450
SHA-256 | 9f816b924ad418620e160f8c0c949d6a934cbb7b2edf6d8854a05c114583d85c
Ubuntu Security Notice USN-1569-1
Posted Sep 17, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1569-1 - It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially-crafted URL and inject arbitrary headers. It was discovered that PHP incorrectly handled directories with a large number of files. This could allow a remote attacker to execute arbitrary code with the privileges of the web server, or to perform a denial of service. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2012-2688, CVE-2012-3450, CVE-2011-1398, CVE-2012-2688, CVE-2012-3450, CVE-2012-4388
SHA-256 | ca286c3dc3421c19e6fd6053965096637970d19dc1b7ac9c4b2b75b876f38310
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close