Lucene search

K

MitreCVELIST:CVE-2006-3016

HistoryJun 14, 2006 - 11:00 p.m.

CVE-2006-3016

2006-06-1423:00:00

mitre

www.cve.org

2

AI Score

6.4

Confidence

Low

EPSS

0.011

Percentile

84.4%

Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to “certain characters in session names,” including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().

References

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

rhn.redhat.com/errata/RHSA-2006-0736.html

secunia.com/advisories/19927

secunia.com/advisories/21050

secunia.com/advisories/22004

secunia.com/advisories/22069

secunia.com/advisories/22225

secunia.com/advisories/22440

secunia.com/advisories/22487

secunia.com/advisories/23247

securitytracker.com/id?1016306

support.avaya.com/elmodocs2/security/ASA-2006-221.htm

support.avaya.com/elmodocs2/security/ASA-2006-222.htm

www.mandriva.com/security/advisories?name=MDKSA-2006:122

www.osvdb.org/25253

www.php.net/release_5_1_3.php

www.redhat.com/support/errata/RHSA-2006-0669.html

www.redhat.com/support/errata/RHSA-2006-0682.html

www.securityfocus.com/archive/1/447866/100/0/threaded

www.securityfocus.com/bid/17843

www.turbolinux.com/security/2006/TLSA-2006-38.txt

www.ubuntu.com/usn/usn-320-1

issues.rpath.com/browse/RPL-683

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10597

AI Score

6.4

Confidence

Low

EPSS

0.011

Percentile

84.4%

Related for CVELIST:CVE-2006-3016

ubuntucve1 cve1 nvd1 nessus7 centos2 redhat2 oraclelinux2 openvas1 ubuntu1