9.3
CVE-2006-3016
- EPSS 2.26%
- Veröffentlicht 14.06.2006 23:02:00
- Zuletzt bearbeitet 16.06.2026 22:26:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.26% | 0.807 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
http://secunia.com/advisories/21050
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
http://www.ubuntu.com/usn/usn-320-1
http://secunia.com/advisories/22225
http://www.securityfocus.com/archive/1/447866/100/0/threaded
https://issues.rpath.com/browse/RPL-683
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://rhn.redhat.com/errata/RHSA-2006-0736.html
http://secunia.com/advisories/19927
http://secunia.com/advisories/22004
http://secunia.com/advisories/22069
http://secunia.com/advisories/22440
http://secunia.com/advisories/22487
http://secunia.com/advisories/23247
http://securitytracker.com/id?1016306
http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm
http://www.osvdb.org/25253
http://www.php.net/release_5_1_3.php
http://www.redhat.com/support/errata/RHSA-2006-0669.html
http://www.redhat.com/support/errata/RHSA-2006-0682.html
http://www.securityfocus.com/bid/17843
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10597