9.3

CVE-2006-3016

Exploit
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities.  NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Php GroupPhp Version <= 5.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.26% 0.807
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/21050
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
http://www.ubuntu.com/usn/usn-320-1
http://secunia.com/advisories/22225
Vendor Advisory
http://www.securityfocus.com/archive/1/447866/100/0/threaded
https://issues.rpath.com/browse/RPL-683
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://rhn.redhat.com/errata/RHSA-2006-0736.html
http://secunia.com/advisories/19927
Patch
Vendor Advisory
http://secunia.com/advisories/22004
Vendor Advisory
http://secunia.com/advisories/22069
Vendor Advisory
http://secunia.com/advisories/22440
Vendor Advisory
http://secunia.com/advisories/22487
Vendor Advisory
http://secunia.com/advisories/23247
Vendor Advisory
http://securitytracker.com/id?1016306
http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm
http://www.osvdb.org/25253
http://www.php.net/release_5_1_3.php
http://www.redhat.com/support/errata/RHSA-2006-0669.html
http://www.redhat.com/support/errata/RHSA-2006-0682.html
http://www.securityfocus.com/bid/17843
Patch
Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10597