Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0207

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0207
Last Modified 09 Sep 2011 12:00:00
Published 13 Jan 2006 06:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0207

Summary

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.

Vulnerable Systems

Application

  • Php 5.0

  • Php 5.0.0

  • Php 5.0.1

  • Php 5.0.2

  • Php 5.0.3

  • Php 5.0.4

  • Php 5.0.5

  • Php 5.1

  • Php 5.1.1


References

XF - php-session-response-splitting(24094)

BID - 16220

GENTOO - GLSA-200603-22

SECTRACK - 1015484

SECUNIA - 19355

SECUNIA - 19179

SECUNIA - 18697

SECUNIA - 18431

VUPEN - ADV-2006-0369

VUPEN - ADV-2006-0177

UBUNTU - USN-261-1

CONFIRM - http://www.php.net/release_5_1_2.php

MANDRIVA - MDKSA-2006:028

MISC - http://www.hardened-php.net/advisory_012006.112.html

DEBIAN - DSA-1331

SECUNIA - 25945

SECUNIA - 19012

SUSE - SUSE-SR:2006:004


Last Updated: 27 May 2016 10:41:34