It was discovered that PHP incorrectly parsed certain HTTP response headers. An attacker could possibly use this issue to cause incorrect MIME type parsing which could result in unexpected behavior. (CVE-2025-1217) It was discovered that PHP did not properly validate certain HTTP headers. An attacker could possibly use this issue to perform an HTTP request smuggling attack. (CVE-2025-1734) It was discovered that PHP did not properly validate certain HTTP headers. An attacker could possibly use this issue to prevent certain headers from being sent which could result in a denial of service or other unexpected behavior. (CVE-2025-1736) It was discovered that PHP incorrectly performed URL truncation. An attacker could possibly use this issue to specially craft a URL that would result in unintended redirections or a denial of service. (CVE-2025-1861)
Continue reading...
Continue reading...
