PT-2012-5362 · Google+3 · Google Chrome+3

Raphael Geissert · Published 2012-09-07 · Updated 2023-02-13 · CVE-2012-4388

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: PHP versions 5.4.0RC2 through 5.4.0

Description: The issue arises from the sapi_header_op function in main/SAPI.c, which fails to properly determine a pointer during checks for %0D sequences (URL-encoded carriage returns), allowing remote attackers to bypass an HTTP response-splitting protection mechanism. The bypass is achieved via a crafted URL and is related to improper interaction between the PHP header function and certain browsers, such as Internet Explorer and Google Chrome.

Recommendations: Update PHP versions 5.4.0RC2 through 5.4.0 to a version that properly fixes the issue; the fix in these versions is incorrect and is based on an earlier vulnerability.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2012-4388

Affected Products

Google Chrome
Internet Explorer
PHP
SUSE