CVE-2007-5899 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-5899
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-5899

Description: The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-628-1 http://www.ubuntu.com/usn/usn-549-2 http://www.ubuntulinux.org/support/documentation/usn/usn-549-1 SAID Secunia Advisory: SA30040 Secunia Advisory: SA30828 Secunia Advisory: SA27659 Secunia Advisory: SA27864 Secunia Advisory: SA28249 Secunia Advisory: SA31119 Secunia Advisory: SA31124 Secunia Advisory: SA31200 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0582.html http://www.redhat.com/support/errata/RHSA-2008-0545.html http://www.redhat.com/support/errata/RHSA-2008-0546.html http://www.redhat.com/support/errata/RHSA-2008-0544.html http://www.redhat.com/support/errata/RHSA-2008-0505.html OSVDB 38918 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:126 http://www.mandriva.com/security/advisories?name=MDVSA-2008:127 http://www.mandriva.com/security/advisories?name=MDVSA-2008:125 HP http://www.securityfocus.com/archive/1/archive/1/491693/100/0/threaded FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1444 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242 http://www.php.net/releases/5_2_5.php http://www.php.net/ChangeLog-5.php#5.2.5 http://bugs.php.net/bug.php?id=42869

Return to the previous page.