UBUNTU-CVE-2015-8935
Advisory lineage Upstream: 1 Downstream: 1
Upstream
Downstream
Published: 21 Jun 2016, 00:00
Last modified:22 Apr 2026, 10:24
Vulnerability Summary
Overall Risk (default)
low
24/100 CVSS Score
6.1 MEDIUM
3.0 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
21 Jun 2016, 00:00
Published
Vulnerability first disclosed
22 Apr 2026, 10:24
Last Modified
Vulnerability information updated
Description
The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.
CVSS Metrics
- v3.0•MEDIUM•Score: 6.1CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Systems
- ubuntu•php5
< 5.5.9+dfsg-1ubuntu4.19