CVE Vulnerabilities

CVE-2025-1736

This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but its details are not yet publicly available.

This page will reflect the classification results once they are available through NVD.

Any vendor information available is shown below.

Ubuntu

Currently the header check in check_has_header does not verify \r, which could potentially lead to misbehaviour if only \n is used in a header value. If this value is supplied by a user and not checked properly (for example, a cookie value, which is not unlikely to be taken at least partially from user input), the user could specify something like Cookie: x=y\nauthorization:x\r\n. If the URL has a user part in it, this can disable sending of that authorization header. That could affect the result and potentially lead to DoS or to other unexpected issues.
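The following added example is a simplified model of the behaviour described above, not the PHP source: it contrasts a line-start test that accepts a bare \n with one that requires a full \r\n, and adds an input check that rejects CR or LF in a user-supplied header value. The function names has_header_lenient, has_header_strict and header_value_is_safe are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Simplified model of an "is this header already present?" scan.
 * Hypothetical names; this is not the php-src implementation. */

/* Lenient: a match counts at buffer start or after any '\n'. */
static bool has_header_lenient(const char *headers, const char *name)
{
    size_t n = strlen(name);
    for (const char *s = headers; *s; s++) {
        if ((s == headers || s[-1] == '\n') && strncasecmp(s, name, n) == 0)
            return true;
    }
    return false;
}

/* Strict: a match counts only at buffer start or after a full CRLF. */
static bool has_header_strict(const char *headers, const char *name)
{
    size_t n = strlen(name);
    for (const char *s = headers; *s; s++) {
        bool at_line_start = s == headers ||
            (s - headers >= 2 && s[-2] == '\r' && s[-1] == '\n');
        if (at_line_start && strncasecmp(s, name, n) == 0)
            return true;
    }
    return false;
}

/* Defensive input check: reject any CR or LF in a user-supplied value
 * before it is placed into a header line. */
static bool header_value_is_safe(const char *value)
{
    return strpbrk(value, "\r\n") == NULL;
}

int main(void)
{
    /* Constructed sample, taken from the Cookie example in the description. */
    const char *hdrs = "Cookie: x=y\nauthorization:x\r\n";
    printf("lenient=%d strict=%d value_safe=%d\n",
           has_header_lenient(hdrs, "authorization:"),
           has_header_strict(hdrs, "authorization:"),
           header_value_is_safe("x=y\nauthorization:x"));
    return 0;
}
```

The lenient scan treats the text after the bare \n as a separate authorization header, while the strict scan and the input check do not.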

Affected Software List

Name Vendor Version
Php8.1 Ubuntu/upstream TBD
Php8.1 Ubuntu/jammy TBD
Php8.3 Ubuntu/noble TBD
Php8.3 Ubuntu/oracular TBD
Php8.3 Ubuntu/upstream TBD
Php8.4 Ubuntu/upstream TBD
Php8.4 Ubuntu/devel TBD
Php5 Ubuntu/upstream TBD
Php5 Ubuntu/esm-infra-legacy/trusty TBD
Php7.0 Ubuntu/upstream TBD
Php7.0 Ubuntu/esm-infra/xenial TBD
Php7.2 Ubuntu/upstream TBD
Php7.2 Ubuntu/esm-infra/bionic TBD
Php7.4 Ubuntu/upstream TBD
Php7.4 Ubuntu/focal TBD