Home > Vulnerability Database > WS-2012-0019

Mend.io Vulnerability Database

WS-2012-0019

Good to know:

Date: January 20, 2012

In php-src, php-5.3.1RC1 to php-5.4.0beta2 there is a vulnerability which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Language: PHP

Severity Score

4.8

Related Resources (2)

Url: https://github.com/php/php-src/commit/96aa2eb2340c1d4131fbcc508f734ec7c807ff25

Url: https://www.mend.io/vulnerability-database/WS-2012-0019

Severity Score

4.8

Weakness Type (CWE)

Channel Accessible by Non-Endpoint

CWE-300

Top Fix

Upgrade Version

Upgrade to version php-5.4.0

Learn More

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2012-0019

Good to know:

Date: January 20, 2012

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?