Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4731

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-4731
Last Modified 05 Sep 2008 04:57:39
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4731

Summary

The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors.

Vulnerable Systems

Application

  • The Php Group Pear Html Quickform Controller 1.0.4


References

OSVDB - 23766

CONFIRM - http://pear.php.net/package/HTML_QuickForm_Controller/download

CONFIRM - http://pear.php.net/bugs/bug.php?id=3443


Last Updated: 27 May 2016 10:41:24