oss-sec mailing list archives
Re: Re: php header() header injection detection bypass
From: Eygene Ryabinkin <rea-sec () codelabs ru>
Date: Wed, 5 Sep 2012 10:19:52 +0400
Tue, Sep 04, 2012 at 03:02:25PM -0400, cve-assign () mitre org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1- 5.3.11, https://github.com/php/php-src/blob/704bbb3263d0ec9a6b4a767bbc516e55388f4b0e/main/SAPI.c#L593 has the issue completely fixedNote that, in the http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1398 entry, the affected versions are "PHP before 5.3.11." (We do know that 5.3.11 was released about 2 months after 5.4.0.)
Yes, sorry: I seem to be messed two bugs and, as I discovered, was talking about CVE-2011-1398 in my previous message. -- Eygene
Current thread:
- php header() header injection detection bypass Raphael Geissert (Aug 29)
- Re: php header() header injection detection bypass Kurt Seifried (Aug 31)
- Re: php header() header injection detection bypass Raphael Geissert (Aug 31)
- Re: php header() header injection detection bypass Kurt Seifried (Sep 01)
- Re: php header() header injection detection bypass Eygene Ryabinkin (Sep 04)
- Re: php header() header injection detection bypass cve-assign (Sep 04)
- Re: Re: php header() header injection detection bypass Raphael Geissert (Sep 04)
- Re: php header() header injection detection bypass cve-assign (Sep 05)
- Re: Re: php header() header injection detection bypass Raphael Geissert (Sep 06)
- Re: php header() header injection detection bypass Raphael Geissert (Aug 31)
- Re: Re: php header() header injection detection bypass Eygene Ryabinkin (Sep 04)
- Re: php header() header injection detection bypass Kurt Seifried (Aug 31)