CVE-2015-8935 (retired)

Priority
Description
The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x
before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding
without considering browser compatibility, which allows remote attackers to
conduct cross-site scripting (XSS) attacks against Internet Explorer by
leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.
Notes
 mdeslaur> precise needs backported fix
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (7.0.4-7ubuntu2.1)
More Information

Updated: 2019-08-23 09:08:33 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)