9.3

CVE-2006-3016

Exploit

EPSS 6.74%
Veröffentlicht 14.06.2006 23:02:00
Zuletzt bearbeitet 16.04.2026 00:27:16
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities.  NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 27

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Php Group ≫ Php Version <= 5.1.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.74%	0.91

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/21050

Patch

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2006:122

http://www.turbolinux.com/security/2006/TLSA-2006-38.txt

http://www.ubuntu.com/usn/usn-320-1

http://secunia.com/advisories/22225

Vendor Advisory

http://www.securityfocus.com/archive/1/447866/100/0/threaded

https://issues.rpath.com/browse/RPL-683

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

http://rhn.redhat.com/errata/RHSA-2006-0736.html

http://secunia.com/advisories/19927

Patch

Vendor Advisory

http://secunia.com/advisories/22004

Vendor Advisory

http://secunia.com/advisories/22069

Vendor Advisory

http://secunia.com/advisories/22440

Vendor Advisory

http://secunia.com/advisories/22487

Vendor Advisory

http://secunia.com/advisories/23247

Vendor Advisory

http://securitytracker.com/id?1016306

http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm

http://www.osvdb.org/25253

http://www.php.net/release_5_1_3.php

http://www.redhat.com/support/errata/RHSA-2006-0669.html

http://www.redhat.com/support/errata/RHSA-2006-0682.html

http://www.securityfocus.com/bid/17843

Patch

Exploit

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10597

https://nvd.nist.gov/vuln/detail/CVE-2006-3016

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-3016

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-3016

EUVD