PHP: sapi_header_op() %0D sequence handling security bypass

Submitted on 16. December 2013 - 15:28 by rischi.
Last update on 16. December 2013 - 17:47.

IDs:

CVE-2011-1398, CB-K13/1037

Keywords:

PHP, response-splitting

Description:

The HTTP response-splitting protection mechanism in certain versions of PHP can be circumvented by using the carriage return control character %0d [1].

Airlock is not affected because PHP is not used in Airlock.

Resolution:

Airlock protects back-ends with it's own HTTP response splitting deny rule which considers both, carriage return (%0D) and new line (%0A) control characters.

Component:

Airlock

Airlock Vulnerability Status:

Does not affect Airlock

Back-end Vulnerability Status:

Does not affect back-end behind Airlock

Reference:

[1] CVE-2011-1398

Main menu

Navigation

User menu

You are here

PHP: sapi_header_op() %0D sequence handling security bypass

Main menu

Search form

Navigation

User menu

You are here

PHP: sapi_header_op() %0D sequence handling security bypass