Oval Definition:oval:org.opensuse.security:def:20124388
Revision Date:2017-09-27
Version:1
Title:CVE-2012-4388
Description:

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398.
Family:unix
Class:vulnerability
Status:
Reference(s):CVE-2012-4388
Platform(s):SLE SDK 10 SP4 for IBM iSeries and IBM pSeries
SLE SDK 10 SP4 for IBM zSeries
SLE SDK 10 SP4 for IPF
SLE SDK 10 SP4 for x86
SLE SDK 10 SP4 for X86-64
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit
SUSE Linux Enterprise Server 10 SP3 LTSS for x86
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP4 for IBM POWER
SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit
SUSE Linux Enterprise Server 10 SP4 for IPF
SUSE Linux Enterprise Server 10 SP4 for x86
SUSE Linux Enterprise Server 11 SP1 for Teradata
SUSE Linux Enterprise Server 11 SP1 LTSS
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Teradata 10 SP3 for AMD64 and Intel EM64T
Product(s):
Definition Synopsis
  • Release Information
  • sles10-sp3-ltss is installed
  • AND
  • apache2-mod_php5 less than 5.2.14-0.42.1
  • OR php5-bcmath less than 5.2.14-0.42.1
  • OR php5-bz2 less than 5.2.14-0.42.1
  • OR php5-calendar less than 5.2.14-0.42.1
  • OR php5-ctype less than 5.2.14-0.42.1
  • OR php5-curl less than 5.2.14-0.42.1
  • OR php5-dba less than 5.2.14-0.42.1
  • OR php5-dbase less than 5.2.14-0.42.1
  • OR php5-devel less than 5.2.14-0.42.1
  • OR php5-dom less than 5.2.14-0.42.1
  • OR php5-exif less than 5.2.14-0.42.1
  • OR php5-fastcgi less than 5.2.14-0.42.1
  • OR php5-ftp less than 5.2.14-0.42.1
  • OR php5-gd less than 5.2.14-0.42.1
  • OR php5-gettext less than 5.2.14-0.42.1
  • OR php5-gmp less than 5.2.14-0.42.1
  • OR php5-hash less than 5.2.14-0.42.1
  • OR php5-iconv less than 5.2.14-0.42.1
  • OR php5-imap less than 5.2.14-0.42.1
  • OR php5-json less than 5.2.14-0.42.1
  • OR php5-ldap less than 5.2.14-0.42.1
  • OR php5-mbstring less than 5.2.14-0.42.1
  • OR php5-mcrypt less than 5.2.14-0.42.1
  • OR php5-mhash less than 5.2.14-0.42.1
  • OR php5-mysql less than 5.2.14-0.42.1
  • OR php5-ncurses less than 5.2.14-0.42.1
  • OR php5-odbc less than 5.2.14-0.42.1
  • OR php5-openssl less than 5.2.14-0.42.1
  • OR php5-pcntl less than 5.2.14-0.42.1
  • OR php5-pdo less than 5.2.14-0.42.1
  • OR php5-pear less than 5.2.14-0.42.1
  • OR php5-pgsql less than 5.2.14-0.42.1
  • OR php5-posix less than 5.2.14-0.42.1
  • OR php5-pspell less than 5.2.14-0.42.1
  • OR php5-shmop less than 5.2.14-0.42.1
  • OR php5-snmp less than 5.2.14-0.42.1
  • OR php5-soap less than 5.2.14-0.42.1
  • OR php5-sockets less than 5.2.14-0.42.1
  • OR php5-sqlite less than 5.2.14-0.42.1
  • OR php5-suhosin less than 5.2.14-0.42.1
  • OR php5-sysvmsg less than 5.2.14-0.42.1
  • OR php5-sysvsem less than 5.2.14-0.42.1
  • OR php5-sysvshm less than 5.2.14-0.42.1
  • OR php5-tokenizer less than 5.2.14-0.42.1
  • OR php5-wddx less than 5.2.14-0.42.1
  • OR php5-xmlreader less than 5.2.14-0.42.1
  • OR php5-xmlrpc less than 5.2.14-0.42.1
  • OR php5-xsl less than 5.2.14-0.42.1
  • OR php5-zlib less than 5.2.14-0.42.1
  • OR Package Information
  • sles10-sp4 is installed
  • apache2-mod_php5 less than 5.2.14-0.40.1
  • OR php5-bcmath less than 5.2.14-0.40.1
  • OR php5-bz2 less than 5.2.14-0.40.1
  • OR php5-calendar less than 5.2.14-0.40.1
  • OR php5-ctype less than 5.2.14-0.40.1
  • OR php5-curl less than 5.2.14-0.40.1
  • OR php5-dba less than 5.2.14-0.40.1
  • OR php5-dbase less than 5.2.14-0.40.1
  • OR php5-devel less than 5.2.14-0.40.1
  • OR php5-dom less than 5.2.14-0.40.1
  • OR php5-exif less than 5.2.14-0.40.1
  • OR php5-fastcgi less than 5.2.14-0.40.1
  • OR php5-ftp less than 5.2.14-0.40.1
  • OR php5-gd less than 5.2.14-0.40.1
  • OR php5-gettext less than 5.2.14-0.40.1
  • OR php5-gmp less than 5.2.14-0.40.1
  • OR php5-hash less than 5.2.14-0.40.1
  • OR php5-iconv less than 5.2.14-0.40.1
  • OR php5-imap less than 5.2.14-0.40.1
  • OR php5-json less than 5.2.14-0.40.1
  • OR php5-ldap less than 5.2.14-0.40.1
  • OR php5-mbstring less than 5.2.14-0.40.1
  • OR php5-mcrypt less than 5.2.14-0.40.1
  • OR php5-mhash less than 5.2.14-0.40.1
  • OR php5-mysql less than 5.2.14-0.40.1
  • OR php5-ncurses less than 5.2.14-0.40.1
  • OR php5-odbc less than 5.2.14-0.40.1
  • OR php5-openssl less than 5.2.14-0.40.1
  • OR php5-pcntl less than 5.2.14-0.40.1
  • OR php5-pdo less than 5.2.14-0.40.1
  • OR php5-pear less than 5.2.14-0.40.1
  • OR php5-pgsql less than 5.2.14-0.40.1
  • OR php5-posix less than 5.2.14-0.40.1
  • OR php5-pspell less than 5.2.14-0.40.1
  • OR php5-shmop less than 5.2.14-0.40.1
  • OR php5-snmp less than 5.2.14-0.40.1
  • OR php5-soap less than 5.2.14-0.40.1
  • OR php5-sockets less than 5.2.14-0.40.1
  • OR php5-sqlite less than 5.2.14-0.40.1
  • OR php5-suhosin less than 5.2.14-0.40.1
  • OR php5-sysvmsg less than 5.2.14-0.40.1
  • OR php5-sysvsem less than 5.2.14-0.40.1
  • OR php5-sysvshm less than 5.2.14-0.40.1
  • OR php5-tokenizer less than 5.2.14-0.40.1
  • OR php5-wddx less than 5.2.14-0.40.1
  • OR php5-xmlreader less than 5.2.14-0.40.1
  • OR php5-xmlrpc less than 5.2.14-0.40.1
  • OR php5-xsl less than 5.2.14-0.40.1
  • OR php5-zlib less than 5.2.14-0.40.1
  • OR
  • sles10-sp4-sdk is installed
  • apache2-mod_php5 less than 5.2.14-0.40.1
  • OR php5-bcmath less than 5.2.14-0.40.1
  • OR php5-bz2 less than 5.2.14-0.40.1
  • OR php5-calendar less than 5.2.14-0.40.1
  • OR php5-ctype less than 5.2.14-0.40.1
  • OR php5-curl less than 5.2.14-0.40.1
  • OR php5-dba less than 5.2.14-0.40.1
  • OR php5-dbase less than 5.2.14-0.40.1
  • OR php5-devel less than 5.2.14-0.40.1
  • OR php5-dom less than 5.2.14-0.40.1
  • OR php5-exif less than 5.2.14-0.40.1
  • OR php5-fastcgi less than 5.2.14-0.40.1
  • OR php5-ftp less than 5.2.14-0.40.1
  • OR php5-gd less than 5.2.14-0.40.1
  • OR php5-gettext less than 5.2.14-0.40.1
  • OR php5-gmp less than 5.2.14-0.40.1
  • OR php5-hash less than 5.2.14-0.40.1
  • OR php5-iconv less than 5.2.14-0.40.1
  • OR php5-imap less than 5.2.14-0.40.1
  • OR php5-ldap less than 5.2.14-0.40.1
  • OR php5-mbstring less than 5.2.14-0.40.1
  • OR php5-mcrypt less than 5.2.14-0.40.1
  • OR php5-mhash less than 5.2.14-0.40.1
  • OR php5-mysql less than 5.2.14-0.40.1
  • OR php5-ncurses less than 5.2.14-0.40.1
  • OR php5-odbc less than 5.2.14-0.40.1
  • OR php5-openssl less than 5.2.14-0.40.1
  • OR php5-pcntl less than 5.2.14-0.40.1
  • OR php5-pdo less than 5.2.14-0.40.1
  • OR php5-pear less than 5.2.14-0.40.1
  • OR php5-pgsql less than 5.2.14-0.40.1
  • OR php5-posix less than 5.2.14-0.40.1
  • OR php5-pspell less than 5.2.14-0.40.1
  • OR php5-shmop less than 5.2.14-0.40.1
  • OR php5-snmp less than 5.2.14-0.40.1
  • OR php5-soap less than 5.2.14-0.40.1
  • OR php5-sockets less than 5.2.14-0.40.1
  • OR php5-sqlite less than 5.2.14-0.40.1
  • OR php5-suhosin less than 5.2.14-0.40.1
  • OR php5-sysvmsg less than 5.2.14-0.40.1
  • OR php5-sysvsem less than 5.2.14-0.40.1
  • OR php5-sysvshm less than 5.2.14-0.40.1
  • OR php5-tidy less than 5.2.14-0.40.1
  • OR php5-tokenizer less than 5.2.14-0.40.1
  • OR php5-wddx less than 5.2.14-0.40.1
  • OR php5-xmlreader less than 5.2.14-0.40.1
  • OR php5-xmlrpc less than 5.2.14-0.40.1
  • OR php5-xsl less than 5.2.14-0.40.1
  • OR php5-zlib less than 5.2.14-0.40.1