FreeBSD : php5 -- header splitting attack via carriage-return character (918f38cd-f71e-11e1-8bd8-0022156e8794)
Medium Nessus Plugin ID 61782
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionRui Hirokawa reports :
As of PHP 5.1.2, header() can no longer be used to send multiple response headers in a single call to prevent the HTTP Response Splitting Attack. header() only checks the linefeed (LF, 0x0A) as line-end marker, it doesn't check the carriage-return (CR, 0x0D).
However, some browsers including Google Chrome, IE also recognize CR as the line-end.
The current specification of header() still has the vulnerability against the HTTP header splitting attack.
SolutionUpdate the affected packages.