News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

PHP Security Blog:
Goodbye HTTP Response Splitting, and thanks for all the fish
January 13, 2006 @ 06:54:50

On the PHP Security Blog today, Stefan Esser has this new post with comments about the latest PHP 5.x release and the HTTP response splitting it fixes.

For all those that have not yet learned about my two new advisories through the usual channels. PHP 5.1.2 was released today, fixing among other things a serious HTTP Response Splitting vulnerability in the PHP5 session extension. The fix was implemented in a way similar to the SAPI hook in our Hardening-Patch and is the first move to get some of the Hardening-Patch features into the plain PHP. It is also merged into the PHP4 code tree.

So, basically, once the latest version of the PHP 4.x series has been released, HTTP reponse splitting issues will be a thing of the past. Great work on both sides of the version fence for taking care of this issue...

0 comments voice your opinion now!
security http response splitting 5.1.2 4.4.2 security http response splitting 5.1.2 4.4.2


blog comments powered by Disqus

Similar Posts

Jonathan Snook's Blog: Password Protecting Admin Functions in CakePHP

Greg Beaver\'s Blog: Why it is very important to upgrade to PEAR 1.4.6 from PEAR 1.3.x

Lukas Smith's Blog: Chatting with Rasmus (part two and three)

Ilia Alshanetsky's Blog: MySQL Binaries and cURL/http extensions in PHP

Developer.com: Performing HTTP Geocoding with the Google Maps API


Community Events





Don't see your event here?
Let us know!


list interview introduction testing language series laravel podcast unittest release refactor opinion code framework threedevsandamaybe configure developer community wordpress install

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework