Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2003-0442
Last Modified 10 Sep 2008 03:19:02
Published 24 Jul 2003 12:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2003-0442

Summary

Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.

Vulnerable Systems

Operating System

  • Red Hat Linux 8.0

  • Red Hat Linux 9.0

Application

  • PHP 4.3.1


References

REDHAT - RHSA-2003:204

MISC - http://shh.thathost.com/secadv/2003-05-11-php.txt

BUGTRAQ - 20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)

BID - 7761

DEBIAN - DSA-351

BUGTRAQ - 20030530 PHP Trans SID XSS (Was: New php release with security fixes)

XF - php-session-id-xss(12259)

TURBO - TLSA-2003-47

SECTRACK - 1008653

OSVDB - 4758

MANDRAKE - MDKSA-2003:082

CIAC - N-112

CONECTIVA - CLSA-2003:691


Last Updated: 27 May 2016 10:37:54