CVE-2006-3016
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
84.4%
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to “certain characters in session names,” including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().
Affected configurations
References
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
rhn.redhat.com/errata/RHSA-2006-0736.html
secunia.com/advisories/19927
secunia.com/advisories/21050
secunia.com/advisories/22004
secunia.com/advisories/22069
secunia.com/advisories/22225
secunia.com/advisories/22440
secunia.com/advisories/22487
secunia.com/advisories/23247
securitytracker.com/id?1016306
support.avaya.com/elmodocs2/security/ASA-2006-221.htm
support.avaya.com/elmodocs2/security/ASA-2006-222.htm
www.mandriva.com/security/advisories?name=MDKSA-2006:122
www.osvdb.org/25253
www.php.net/release_5_1_3.php
www.redhat.com/support/errata/RHSA-2006-0669.html
www.redhat.com/support/errata/RHSA-2006-0682.html
www.securityfocus.com/archive/1/447866/100/0/threaded
www.securityfocus.com/bid/17843
www.turbolinux.com/security/2006/TLSA-2006-38.txt
www.ubuntu.com/usn/usn-320-1
issues.rpath.com/browse/RPL-683
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10597
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
84.4%