4.3
CVE-2007-3799
- EPSS 7.92%
- Veröffentlicht 16.07.2007 22:30:00
- Zuletzt bearbeitet 16.06.2026 22:42:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.92% | 0.94 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://www.vupen.com/english/advisories/2008/0924/references
http://secunia.com/advisories/29420
http://secunia.com/advisories/27864
http://www.ubuntu.com/usn/usn-549-2
https://launchpad.net/bugs/173043
https://usn.ubuntu.com/549-1/
http://secunia.com/advisories/26895
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://secunia.com/advisories/27377
https://issues.rpath.com/browse/RPL-1693
http://rhn.redhat.com/errata/RHSA-2007-0889.html
http://secunia.com/advisories/26967
http://secunia.com/advisories/27351
http://www.redhat.com/support/errata/RHSA-2007-0888.html
http://secunia.com/advisories/26871
http://secunia.com/advisories/26930
http://secunia.com/advisories/27545
http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
http://www.redhat.com/support/errata/RHSA-2007-0890.html
http://www.redhat.com/support/errata/RHSA-2007-0891.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
http://osvdb.org/36855
http://secunia.com/advisories/28249
http://secunia.com/advisories/30288
http://www.debian.org/security/2008/dsa-1444
http://www.debian.org/security/2008/dsa-1578
http://www.php-security.org/MOPB/PMOPB-46-2007.html
http://www.securityfocus.com/bid/24268
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9792