Lucene search

[email protected]NVD:CVE-2007-3799

HistoryJul 16, 2007 - 10:30 p.m.

CVE-2007-3799

2007-07-1622:30:00

CWE-20

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

9.5 High

AI Score

Confidence

High

0.388 Low

EPSS

Percentile

97.3%

JSON

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.

Affected configurations

NVD

Node

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch4.4.2

phpphpMatch4.4.3

phpphpMatch4.4.4

phpphpMatch4.4.5

phpphpMatch4.4.6

phpphpMatch4.4.7

Node

phpphpMatch5.0.0

phpphpMatch5.0.0beta1

phpphpMatch5.0.0beta2

phpphpMatch5.0.0beta3

phpphpMatch5.0.0beta4

phpphpMatch5.0.0rc1

phpphpMatch5.0.0rc2

phpphpMatch5.0.0rc3

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatch5.1.3

phpphpMatch5.1.4

phpphpMatch5.1.5

phpphpMatch5.1.6

phpphpMatch5.2.0

phpphpMatch5.2.1

phpphpMatch5.2.2

phpphpMatch5.2.3

phpphpMatch5.2.10

phpphpMatch5.2.11

phpphpMatch5.2.12

phpphpMatch5.2.13

phpphpMatch5.2.14

References

docs.info.apple.com/article.html?artnum=307562

lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

osvdb.org/36855

rhn.redhat.com/errata/RHSA-2007-0889.html

secunia.com/advisories/26871

secunia.com/advisories/26895

secunia.com/advisories/26930

secunia.com/advisories/26967

secunia.com/advisories/27351

secunia.com/advisories/27377

secunia.com/advisories/27545

secunia.com/advisories/27864

secunia.com/advisories/28249

secunia.com/advisories/29420

secunia.com/advisories/30288

support.avaya.com/elmodocs2/security/ASA-2007-449.htm

www.debian.org/security/2008/dsa-1444

www.debian.org/security/2008/dsa-1578

www.mandriva.com/security/advisories?name=MDKSA-2007:187

www.novell.com/linux/security/advisories/2007_15_sr.html

www.php-security.org/MOPB/PMOPB-46-2007.html

www.redhat.com/support/errata/RHSA-2007-0888.html

www.redhat.com/support/errata/RHSA-2007-0890.html

www.redhat.com/support/errata/RHSA-2007-0891.html

www.securityfocus.com/bid/24268

www.ubuntu.com/usn/usn-549-2

www.vupen.com/english/advisories/2008/0924/references

issues.rpath.com/browse/RPL-1693

launchpad.net/bugs/173043

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9792

usn.ubuntu.com/549-1/

www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

9.5 High

AI Score

Confidence

High

0.388 Low

EPSS

Percentile

97.3%

JSON

Related for NVD:CVE-2007-3799

cve2 prion2 cvelist2 ubuntucve2 veracode1 nvd1 nessus28 ubuntu3 gentoo1 openvas27 debian4 osv3 redhat5 centos3 f52 fedora1 oraclelinux2 securityvulns1