Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names", including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().

oval:org.mitre.oval:def:10597

Family: unix
Status: ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • Oracle Linux 4
  • CentOS Linux 4
  • Red Hat Enterprise Linux 3
  • CentOS Linux 3
Class: vulnerability
Reference(s):
  • CVE-2006-3016
Product(s):