
We found results for “”
CVE-2025-1217
Date: March 29, 2025
In PHP prior to 8.1.32, 8.2.28, 8.3.19, and 8.4.5, the header parser of the http stream parser does not understand that a header line beginning with whitespace continues the previous header and instead considers every newline to be a header separator. Users of the http stream wrapper might interpret the response with an incorrect MIME type and more generally might misparse the response, for example by incorrectly determining which response headers belong to the final response if a redirect happened.
Severity Score
Related Resources (5)
Severity Score
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | NONE |