PHP Session Name Unspecified Character Weakness

2006-05-01T00:00:00
ID OSVDB:25253
Type osvdb
Reporter OSVDB
Modified 2006-05-01T00:00:00

Description

Vulnerability Description

PHP contains a flaw related to the use of unspecified unusual characters in session names. No further details have been provided.

Solution Description

Upgrade to version 4.4.3, 5.1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PHP contains a flaw related to the use of unspecified unusual characters in session names. No further details have been provided.

References:

Vendor URL: http://www.php.net/ Vendor Specific News/Changelog Entry: http://www.php.net/release_4_4_3.php Vendor Specific News/Changelog Entry: http://www.php.net/release_5_1_3.php Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1016306 Secunia Advisory ID:19927 Secunia Advisory ID:22440 Secunia Advisory ID:21050 Secunia Advisory ID:22004 Secunia Advisory ID:22069 Secunia Advisory ID:22225 Secunia Advisory ID:22487 Secunia Advisory ID:23247 Related OSVDB ID: 25254 Related OSVDB ID: 25255 RedHat RHSA: RHSA-2006:0669 RedHat RHSA: RHSA-2006:0682 RedHat RHSA: RHSA-2006:0736 Other Advisory URL: https://issues.rpath.com/browse/RPL-683 CVE-2006-3016