CVE-2015-8935

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.4.38 PHP versions 5.5.x prior to 5.5.22 PHP versions 5.6.x prior to 5.6.6

Description The issue is related to the sapi header op function in PHP, which supports deprecated line folding without considering browser compatibility. This allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging mishandling of certain characters in the header function, such as %0A%20 or %0D%0A%20. The vulnerability is associated with the failure to protect the structure of web pages.

Recommendations For PHP versions prior to 5.4.38, update to version 5.4.38 or later. For PHP versions 5.5.x prior to 5.5.22, update to version 5.5.22 or later. For PHP versions 5.6.x prior to 5.6.6, update to version 5.6.6 or later.