9.3

CVE-2006-3016

Exploit

EPSS 6.32%
Veröffentlicht 14.06.2006 23:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities.  NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 27

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Php Group ≫ Php Version <= 5.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.32%	0.9

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/21050

Patch

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2006:122

http://www.turbolinux.com/security/2006/TLSA-2006-38.txt

http://www.ubuntu.com/usn/usn-320-1

http://secunia.com/advisories/22225

Vendor Advisory

http://www.securityfocus.com/archive/1/447866/100/0/threaded

https://issues.rpath.com/browse/RPL-683

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

http://rhn.redhat.com/errata/RHSA-2006-0736.html

http://secunia.com/advisories/19927

Patch

Vendor Advisory

http://secunia.com/advisories/22004

Vendor Advisory

http://secunia.com/advisories/22069

Vendor Advisory

http://secunia.com/advisories/22440

Vendor Advisory

http://secunia.com/advisories/22487

Vendor Advisory

http://secunia.com/advisories/23247

Vendor Advisory

http://securitytracker.com/id?1016306

http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm

http://www.osvdb.org/25253

http://www.php.net/release_5_1_3.php

http://www.redhat.com/support/errata/RHSA-2006-0669.html

http://www.redhat.com/support/errata/RHSA-2006-0682.html

http://www.securityfocus.com/bid/17843

Patch

Exploit

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10597

https://nvd.nist.gov/vuln/detail/CVE-2006-3016

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-3016

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-3016

EUVD