CVE-2006-0207 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-0207
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-0207

Description: Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/24094 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-261-1 SUSE http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html ST 1015484 SAID Secunia Advisory: SA18431 Secunia Advisory: SA18697 Secunia Advisory: SA19179 Secunia Advisory: SA19355 Secunia Advisory: SA19012 Secunia Advisory: SA25945 MISC http://www.hardened-php.net/advisory_012006.112.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:028 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml DEBIAN http://www.debian.org/security/2007/dsa-1331 CONFIRM http://www.php.net/release_5_1_2.php BUGTRAQ BID 16220

Return to the previous page.