header-logo
Suggest Exploit
vendor:
PHP
by:
Not mentioned
6.4
CVSS
MEDIUM
Arbitrary Header Injection
113
CWE
Product Name: PHP
Affected Version From: PHP 5.1.2
Affected Version To: Not mentioned
Patch Exists: YES
Related CWE: CVE-2012-1823
CPE: a:php:php
Metasploit: https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2022-31631/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2013-0686/https://www.rapid7.com/db/vulnerabilities/apple-osx-note-cve-2012-1823/https://www.rapid7.com/db/vulnerabilities/apple-osx-note-cve-2012-2311/https://www.rapid7.com/db/vulnerabilities/apple-osx-php-cve-2012-1823/https://www.rapid7.com/db/vulnerabilities/hpux-cve-2012-2311/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2012-1823/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2012-2336/https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2012-1823/https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-alas-2012-77/https://www.rapid7.com/db/vulnerabilities/hpsmh-cve-2012-2336/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0546/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0547/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0568/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0569/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2012-2311/https://www.rapid7.com/db/vulnerabilities/suse-cve-2012-1823/https://www.rapid7.com/db/vulnerabilities/apple-osx-php-cve-2012-2311/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0570/https://www.rapid7.com/db/vulnerabilities/freebsd-vid-59b68b1e-9c78-11e1-b5e0-000c299b62e1/https://www.rapid7.com/db/?q=CVE-2012-1823&type=&page=2https://www.rapid7.com/db/?q=CVE-2012-1823&type=&page=2
Other Scripts:
Tags: cve2012,kev,vulhub,rce,php,cve
CVSS Metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
Nuclei Metadata: {'max-request': 1, 'vendor': 'php', 'product': 'php'}
Platforms Tested: Not mentioned
2012

Arbitrary Header Injection in PHP

Attackers can inject arbitrary headers through a URL in PHP, leading to potential cross-site request-forgery, cross-site scripting, HTML-injection, and other attacks.

Mitigation:

Update PHP to the latest version available. Validate and sanitize user-supplied input before using it in header functions.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/55297/info

PHP is prone to a vulnerability that allows attackers to inject arbitrary headers through a URL.

By inserting arbitrary headers, attackers may be able to launch cross-site request-forgery, cross-site scripting, HTML-injection, and other attacks.

PHP 5.1.2 is vulnerable; other versions may also be affected. 

<?php
header('Location: '.$_GET['url']);
print_r($_COOKIE);
?>

http://www.example.com/head1.php?url=http://example.com/head1.php%0DSet-Cookie:+NAME=foo