[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-0207Date: (C)2006-01-13   (M)2023-12-22


Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1015484
BID-16220
SECUNIA-18431
SECUNIA-18697
SECUNIA-19012
SECUNIA-19179
SECUNIA-19355
SECUNIA-25945
ADV-2006-0177
ADV-2006-0369
DSA-1331
GLSA-200603-22
MDKSA-2006:028
SUSE-SR:2006:004
USN-261-1
http://www.hardened-php.net/advisory_012006.112.html
http://www.php.net/release_5_1_2.php
php-session-response-splitting(24094)

CPE    8
cpe:/a:php:php:5.0.5
cpe:/a:php:php:5.0.1
cpe:/a:php:php:5.1.0
cpe:/a:php:php:5.0.2
...
CWE    1
CWE-94

© SecPod Technologies