5

CVE-2006-0207

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version5.0 Updaterc1
PhpPhp Version5.0 Updaterc2
PhpPhp Version5.0 Updaterc3
PhpPhp Version5.0.0
PhpPhp Version5.0.1
PhpPhp Version5.0.2
PhpPhp Version5.0.3
PhpPhp Version5.0.4
PhpPhp Version5.0.5
PhpPhp Version5.1.0
PhpPhp Version5.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.35% 0.9
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
http://secunia.com/advisories/19012
Vendor Advisory
http://secunia.com/advisories/18431
Patch
Vendor Advisory
http://www.php.net/release_5_1_2.php
http://www.vupen.com/english/advisories/2006/0177
Vendor Advisory
http://www.vupen.com/english/advisories/2006/0369
Vendor Advisory
http://secunia.com/advisories/18697
Patch
Vendor Advisory
http://secunia.com/advisories/19179
Patch
Vendor Advisory
http://secunia.com/advisories/19355
Patch
Vendor Advisory
http://secunia.com/advisories/25945
http://securitytracker.com/id?1015484
Patch
Vendor Advisory
http://www.debian.org/security/2007/dsa-1331
http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml
Patch
Vendor Advisory
http://www.hardened-php.net/advisory_012006.112.html
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:028
http://www.securityfocus.com/bid/16220
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/24094
https://usn.ubuntu.com/261-1/