Vulnerability Name:

CVE-2011-1398 (CCN-78278)

Assigned:2011-11-06
Published:2011-11-06
Updated:2013-10-11
Summary:The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-20
Vulnerability Consequences:Bypass Security
References:Source: MLIST
Type: UNKNOWN
[internals] 20120203 [PHP-DEV] The case of HTTP response splitting protection in PHP

Source: MITRE
Type: CNA
CVE-2011-1398

Source: SUSE
Type: UNKNOWN
SUSE-SU-2013:1315

Source: CCN
Type: oss-sec mailing list, Wed, 29 Aug 2012 13:26:34 -0500
php header() header injection detection bypass

Source: MLIST
Type: UNKNOWN
[oss-security] 20120829 php header() header injection detection bypass

Source: MLIST
Type: UNKNOWN
[oss-security] 20120905 Re: php header() header injection detection bypass

Source: CCN
Type: RHSA-2013-0514
Moderate: php security, bug fix and enhancement update

Source: CCN
Type: RHSA-2013-1307
Moderate: php53 security, bug fix and enhancement update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:1307

Source: CCN
Type: RHSA-2013-1814
Critical: php security update

Source: SECUNIA
Type: UNKNOWN
55078

Source: CONFIRM
Type: UNKNOWN
http://security-tracker.debian.org/tracker/CVE-2011-1398

Source: CCN
Type: The PHP Group Web site
Version 5.3.11

Source: CCN
Type: BID-55297
PHP 'header()' HTTP Header Injection Vulnerability

Source: SECTRACK
Type: UNKNOWN
1027463

Source: UBUNTU
Type: UNKNOWN
USN-1569-1

Source: MISC
Type: UNKNOWN
https://bugs.php.net/bug.php?id=60227

Source: XF
Type: UNKNOWN
php-sapiheaderop-sec-bypass(78278)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:5.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.9:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.3.10)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:php:php:5.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.10:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.3.9:-:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20111398
    V
    		CVE-2011-1398
    2022-05-20
    oval:org.opensuse.security:def:42273
    P
    		Security update for glib2 (Low)
    2022-04-28
    oval:org.opensuse.security:def:31334
    P
    		Security update for log4j (Important)
    2021-12-17
    oval:org.opensuse.security:def:33049
    P
    		Security update for java-1_7_0-openjdk (Important)
    2021-11-24
    oval:org.opensuse.security:def:32218
    P
    		Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)
    2021-11-19
    oval:org.opensuse.security:def:26163
    P
    		Security update for bind (Important)
    2021-11-11
    oval:org.opensuse.security:def:31700
    P
    		Security update for binutils (Moderate)
    2021-11-09
    oval:org.opensuse.security:def:26148
    P
    		Security update for javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags (Important)
    2021-10-15
    oval:org.opensuse.security:def:26134
    P
    		Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:32162
    P
    		Security update for libcares2 (Important)
    2021-08-16
    oval:org.opensuse.security:def:26099
    P
    		Security update for libsndfile (Critical)
    2021-08-05
    oval:org.opensuse.security:def:26095
    P
    		Security update for glibc (Moderate)
    2021-07-27
    oval:org.opensuse.security:def:32153
    P
    		Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)
    2021-07-27
    oval:org.opensuse.security:def:26088
    P
    		Security update for the Linux Kernel (Important)
    2021-07-14
    oval:org.opensuse.security:def:31643
    P
    		Security update for apache2 (Important)
    2021-06-17
    oval:org.opensuse.security:def:31638
    P
    		Security update for caribou (Important)
    2021-06-10
    oval:org.opensuse.security:def:42493
    P
    		apache2-mod_php53-5.3.17-0.41.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36086
    P
    		apache2-mod_php53-5.3.17-0.41.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36538
    P
    		php53-devel-5.3.17-0.41.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:32109
    P
    		Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)
    2021-06-04
    oval:org.opensuse.security:def:26046
    P
    		Security update for libxml2 (Moderate)
    2021-05-05
    oval:org.opensuse.security:def:32087
    P
    		Security update for cups (Important)
    2021-04-30
    oval:org.opensuse.security:def:26212
    P
    		Security update for python3 (Moderate)
    2021-03-19
    oval:org.opensuse.security:def:32267
    P
    		Security update for grub2 (Important)
    2021-03-02
    oval:org.opensuse.security:def:31345
    P
    		Security update for krb5-appl (Important)
    2021-02-19
    oval:org.opensuse.security:def:26192
    P
    		Security update for php72 (Important)
    2021-02-17
    oval:org.opensuse.security:def:31333
    P
    		Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)
    2021-02-10
    oval:org.opensuse.security:def:26087
    P
    		Security update for sudo (Important)
    2021-01-26
    oval:org.opensuse.security:def:33010
    P
    		Security update for java-1_8_0-ibm (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:26061
    P
    		Security update for dovecot22 (Important)
    2021-01-04
    oval:org.opensuse.security:def:32830
    P
    		Security update for python (Important)
    2020-12-11
    oval:org.opensuse.security:def:25977
    P
    		Security update for openssl-1_1 (Important)
    2020-12-10
    oval:org.opensuse.security:def:32006
    P
    		Security update for mutt (Important)
    2020-12-07
    oval:org.opensuse.security:def:35866
    P
    		apache2-mod_php53-5.3.17-0.13.7 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:25993
    P
    		Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27501
    P
    		libwmf on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25635
    P
    		Security update for tigervnc (Critical)
    2020-12-01
    oval:org.opensuse.security:def:25920
    P
    		Security update for gstreamer-plugins-base (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26314
    P
    		Security update for iperf (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27084
    P
    		apache2-mod_php53 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25417
    P
    		Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26513
    P
    		Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:32372
    P
    		Security update for tcpdump (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25758
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:26819
    P
    		ruby on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31551
    P
    		Security update for shim
    2020-12-01
    oval:org.opensuse.security:def:25711
    P
    		Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31999
    P
    		Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:31553
    P
    		Security update for sqlite3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32791
    P
    		syslog-ng on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31919
    P
    		Security update for ghostscript-library (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26411
    P
    		Security update for go (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26372
    P
    		Recommended update for geotiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32306
    P
    		Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25620
    P
    		Security update for ovmf (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26766
    P
    		libsamplerate on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27536
    P
    		php53-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25636
    P
    		Security update for libproxy (Important)
    2020-12-01
    oval:org.opensuse.security:def:31787
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26830
    P
    		t1lib on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31770
    P
    		Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Important)
    2020-12-01
    oval:org.opensuse.security:def:26353
    P
    		Security update for tor (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25428
    P
    		Security update for LibVNCServer (Important)
    2020-12-01
    oval:org.opensuse.security:def:26664
    P
    		aaa_base on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25842
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26863
    P
    		apache2-mod_jk on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25839
    P
    		Security update for gimp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32048
    P
    		Security update for kvm (Important)
    2020-12-01
    oval:org.opensuse.security:def:31564
    P
    		Security update for squid3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26265
    P
    		Security update for guile (Low)
    2020-12-01
    oval:org.opensuse.security:def:27049
    P
    		unzip on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25416
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26429
    P
    		Security update for keepalived (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32328
    P
    		Security update for samba (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25701
    P
    		Security update for libexif (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26805
    P
    		perl-Tk on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31419
    P
    		Security update for php53 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25647
    P
    		Security update for freetype2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31943
    P
    		Security update for gnutls (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26865
    P
    		apache2-mod_php53 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31552
    P
    		Security update for socat (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31862
    P
    		Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26367
    P
    		Security update for MozillaThunderbird (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26291
    P
    		Security update for python-reportlab (Important)
    2020-12-01
    oval:org.opensuse.security:def:25492
    P
    		Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26717
    P
    		gzip on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:25781
    P
    		SUSE-SU-2013:1315-1 -- Security update for PHP5
    2014-09-08
    oval:org.mitre.oval:def:17978
    P
    		USN-1569-1 -- php5 vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:21094
    P
    		RHSA-2013:1814: php security update (Critical)
    2014-06-30
    oval:org.mitre.oval:def:22872
    P
    		ELSA-2013:1814: php security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:23222
    P
    		ELSA-2013:1307: php53 security, bug fix and enhancement update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:24086
    P
    		ELSA-2013:0514: php security, bug fix and enhancement update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:21114
    P
    		RHSA-2013:1307: php53 security, bug fix and enhancement update (Moderate)
    2014-02-17
    oval:org.mitre.oval:def:20983
    P
    		RHSA-2013:0514: php security, bug fix and enhancement update (Moderate)
    2014-02-17
    oval:com.redhat.rhsa:def:20131814
    P
    		RHSA-2013:1814: php security update (Critical)
    2013-12-11
    oval:com.redhat.rhsa:def:20131307
    P
    		RHSA-2013:1307: php53 security, bug fix and enhancement update (Moderate)
    2013-09-30
    oval:com.redhat.rhsa:def:20130514
    P
    		RHSA-2013:0514: php security, bug fix and enhancement update (Moderate)
    2013-02-21
    oval:com.ubuntu.precise:def:20111398000
    V
    		CVE-2011-1398 on Ubuntu 12.04 LTS (precise) - medium.
    2012-08-30
    BACK
    php php 5.3.0
    php php 5.3.1
    php php 5.3.2
    php php 5.3.3
    php php 5.3.4
    php php 5.3.5
    php php 5.3.6
    php php 5.3.7
    php php 5.3.8
    php php 5.3.9
    php php *
    php php 5.3.0
    php php 5.3.1
    php php 5.3.2
    php php 5.3.3
    php php 5.3.4
    php php 5.3.5
    php php 5.3.6
    php php 5.3.7
    php php 5.3.8
    php php 5.3.10
    php php 5.3.9
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6