vulnerability

F5 Networks: K63712424 (CVE-2015-8935): PHP vulnerability CVE-2015-8935

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Aug 7, 2016	Feb 16, 2017	Jan 31, 2018

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Aug 7, 2016

Added

Feb 16, 2017

Modified

Jan 31, 2018

Description

The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.

Solution

f5-big-ip-upgrade-latest

References

URL-https://support.f5.com/csp/article/K63712424
SUSE-SUSE-SU-2016:2013
REDHAT-RHSA-2016:2750
NVD-CVE-2015-8935
UBUNTU-USN-3045-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today