PHP Session Extension SessionID Set-Cookie Arbitrary Header Injection

2006-01-12T08:47:27
ID OSVDB:22478
Type osvdb
Reporter OSVDB
Modified 2006-01-12T08:47:27

Description

Solution Description

Upgrade to version 5.1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.php.net/
Vendor Specific News/Changelog Entry: http://www.php.net/release_5_1_2.php
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Security Tracker: 1015484
Secunia Advisory ID: 19355
Secunia Advisory ID: 25945
Secunia Advisory ID: 18697
Secunia Advisory ID: 19179
Secunia Advisory ID: 18431
Secunia Advisory ID: 19012
Related OSVDB ID: 22479
Related OSVDB ID: 22480
Other Advisory URL: http://www.hardened-php.net/advisory_012006.112.html
Other Advisory URL: http://www.ubuntu.com/usn/usn-261-1
Other Advisory URL: http://www.us.debian.org/security/2007/dsa-1331
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0424.html
ISS X-Force ID: 24094
FrSIRT Advisory: ADV-2006-0177
CVE-2006-0207
Bugtraq ID: 16220