Lucene search

MitreCVE-2006-4431

HistoryAug 29, 2006 - 12:04 a.m.

CVE-2006-4431

2006-08-2900:04:00

CWE-119

mitre

web.nvd.nist.gov

cve

2006

4431

buffer overflows

zend platform

session clustering daemon

mod_cluster

denial of service

remote code execution

php session identifier

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.131

Percentile

95.5%

JSON

Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID).

Affected configurations

Nvd

Node

zendzend_platformRange≤2.2.1aa

VendorProductVersionCPE
zendzend_platform*cpe:2.3:a:zend:zend_platform:*:a:*:*:*:*:*:*

Vendor	Product	Version	CPE
zend	zend_platform	*	cpe:2.3:a:zend:zend_platform::a::::::*

References

marc.info/?l=full-disclosure&m=115642248226217&w=2

secunia.com/advisories/21573

securityreason.com/securityalert/1466

www.hardened-php.net/advisory_052006.128.html

www.osvdb.org/28230

www.osvdb.org/28231

www.securityfocus.com/archive/1/444263/100/0/threaded

www.securityfocus.com/bid/19692

www.vupen.com/english/advisories/2006/3388

exchange.xforce.ibmcloud.com/vulnerabilities/28573

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.131

Percentile

95.5%

JSON

Related for CVE-2006-4431