CVE-2025-1217

Medium CVSS: 6.3

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.

Vendor

Php

Product

Php

CWE

CWE-20

Yayın Tarihi

2025-03-29 06:15:36

Güncelleme

2025-11-03 21:18:52

Source Identifier

security@php.net

KEV Date Added

Kategoriler

CWE-20 Php MEDIUM Php 2025

Referanslar

https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g https://lists.debian.org/debian-lts-announce/2025/03/msg00014.html https://security.netapp.com/advisory/ntap-20250523-0008/ https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g

Benzer Kayıtlar

High

CVE-2026-24894

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSIO…

High

CVE-2026-24895

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly han…

Medium

CVE-2025-14177

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1,…

Medium

CVE-2025-14178

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1,…

High

CVE-2025-14180

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 w…

Low

CVE-2025-1220

In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like f…