Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-10303

send_status_line() doesn't validate user input

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Minor
    • Resolution: Fixed
    • 3.0.9
    • 3.0.10-RC1
    • Other
    • None

    Description

      send_status_line() uses the HTTP request 'Version' header which doesn't seem exist in any official standard.

      As there is no validation on the value of the Version header this allows anyone to inject what ever they want into the HTTP response line.

      It's a very obscure vector and probably not much use to anyone, PHP prevents header splitting as of 4.4.2 and 5.1.2. You'd have to find a server which doesn't set SERVER_PROTOCOL for starters which I bet would be pretty difficult!

      Per previous discussions PHPBB3-10029 I believe it is best if we just remove the Version header check all together.

      Attachments

        Issue Links

          Activity

            People

              ToonArmy ToonArmy [X] (Inactive)
              ToonArmy ToonArmy [X] (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: