CVE Reference: CVE-2006-3016

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3016

Description: Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().

CVE Status: Candidate

References:
UBUNTU http://www.ubuntu.com/usn/usn-320-1
TURBO http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
ST 1016306
SGI
SAID Secunia Advisory: SA22225
SAID Secunia Advisory: SA22004
SAID Secunia Advisory: SA22069
SAID Secunia Advisory: SA21050
SAID Secunia Advisory: SA19927
SAID Secunia Advisory: SA22440
SAID Secunia Advisory: SA22487
SAID Secunia Advisory: SA23247
REDHAT http://www.redhat.com/support/errata/RHSA-2006-0682.html
REDHAT http://rhn.redhat.com/errata/RHSA-2006-0736.html
REDHAT http://www.redhat.com/support/errata/RHSA-2006-0669.html
OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10597
OSVDB 25253
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm
CONFIRM http://www.php.net/release_5_1_3.php
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/447866/100/0/threaded
BID 17843