FreeBSD Information for VU#929115

PHP fails to properly parse the headers of HTTP POST requests

Status

Affected

Vendor Statement

FreeBSD does not include any version of PHP by default, and so is not vulnerable; however, the FreeBSD Ports Collection does contain the PHP4 package. Updates to the PHP4 package are in progress and a corrected package will be available in the near future.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.