Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-10303

send_status_line() doesn't validate user input

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.9
    • Fix Version/s: 3.0.10-RC1
    • Component/s: Other
    • Labels:
      None

      Description

      send_status_line() uses the HTTP request 'Version' header which doesn't seem exist in any official standard.

      As there is no validation on the value of the Version header this allows anyone to inject what ever they want into the HTTP response line.

      It's a very obscure vector and probably not much use to anyone, PHP prevents header splitting as of 4.4.2 and 5.1.2. You'd have to find a server which doesn't set SERVER_PROTOCOL for starters which I bet would be pretty difficult!

      Per previous discussions PHPBB3-10029 I believe it is best if we just remove the Version header check all together.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                ToonArmy Chris Smith
                Reporter:
                ToonArmy Chris Smith
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: