History: Aug 29, 2006 - 12:00 a.m.

CVE-2006-4433

2006-08-29 00:00:00
ubuntu.com

CVSS2: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.031
Percentile: 91.1%

PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of
the session identifier (PHPSESSID) for third-party session handlers, which
might make it easier for remote attackers to exploit other vulnerabilities
by inserting PHP code into the PHPSESSID, which is stored in the session
file. NOTE: it could be argued that this is not a vulnerability in PHP
itself, but rather a design limitation that enables certain attacks against
session handlers that do not account for this limitation.
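
One way a custom session handler can account for this limitation is to reject any identifier outside a fixed alphabet before it reaches storage. The following is an added example, not code from PHP or from the Ubuntu advisory; it assumes PHP 8.0 or later, and the class name `StrictIdFileHandler`, its storage directory, and the length and alphabet policy are hypothetical choices.

```php
<?php
declare(strict_types=1);

// Added example; StrictIdFileHandler and its storage directory are hypothetical.
final class StrictIdFileHandler implements SessionHandlerInterface
{
    public function __construct(private string $dir) {}

    // Assumed policy: 22-256 characters from the alphabet PHP's own ID
    // generator emits (0-9, a-z, A-Z, "-", ","). Anything else is rejected.
    public static function isValidId(string $id): bool
    {
        return preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $id) === 1;
    }

    // Every storage operation goes through here, so an ID is validated
    // before it can become part of a file name.
    private function path(string $id): string
    {
        if (!self::isValidId($id)) {
            throw new InvalidArgumentException('rejected session id');
        }
        return $this->dir . '/sess_' . $id;
    }

    public function open(string $path, string $name): bool { return is_dir($this->dir); }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        $file = $this->path($id);
        return is_file($file) ? (string) file_get_contents($file) : '';
    }

    public function write(string $id, string $data): bool
    {
        return file_put_contents($this->path($id), $data, LOCK_EX) !== false;
    }

    public function destroy(string $id): bool
    {
        $file = $this->path($id);
        return !is_file($file) || unlink($file);
    }

    public function gc(int $max_lifetime): int|false { return 0; } // expiry omitted
}

// Constructed inputs: a well-formed ID, then one carrying PHP code.
var_dump(StrictIdFileHandler::isValidId('q3k9v1m0a7b2c4d6e8f0g1h2'));
var_dump(StrictIdFileHandler::isValidId('q3k9v1m0a7b2c4d6e8f0g1h2<?php echo 1;'));
```

The handler is registered with `session_set_save_handler(new StrictIdFileHandler($dir), true)` before `session_start()`; a rejected identifier then fails closed with an exception instead of being read from or written to storage.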

Notes

Author    Note
kees      this is really an application input sanitization issue

OS      Version  Architecture  Package  Version               Filename
ubuntu  6.10     noarch        php5     < 5.1.6-1ubuntu2.6    UNKNOWN
ubuntu  7.04     noarch        php5     < 5.2.1-0ubuntu1.4    UNKNOWN
