NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2006-3016

Summary	Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().
Publication Date	June 15, 2006, 8:02 a.m.
Registration Date	Jan. 29, 2021, 3:39 p.m.
Last Update	Oct. 19, 2018, 1:45 a.m.

CVSS2.0 : HIGH
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:php_group:php::::::::			5.1.2

Related information, measures and tools

No	URL	refsource	タグ
1	ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc	SGI
2	http://rhn.redhat.com/errata/RHSA-2006-0736.html	REDHAT
3	http://secunia.com/advisories/19927	SECUNIA	Patch Vendor Advisory
4	http://secunia.com/advisories/21050	SECUNIA	Patch Vendor Advisory
5	http://secunia.com/advisories/22004	SECUNIA	Vendor Advisory
6	http://secunia.com/advisories/22069	SECUNIA	Vendor Advisory
7	http://secunia.com/advisories/22225	SECUNIA	Vendor Advisory
8	http://secunia.com/advisories/22440	SECUNIA	Vendor Advisory
9	http://secunia.com/advisories/22487	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/23247	SECUNIA	Vendor Advisory
11	http://securitytracker.com/id?1016306	SECTRACK
12	http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm	CONFIRM
13	http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm	CONFIRM
14	http://www.mandriva.com/security/advisories?name=MDKSA-2006:122	MANDRIVA
15	http://www.osvdb.org/25253	OSVDB
16	http://www.php.net/release_5_1_3.php	CONFIRM
17	http://www.redhat.com/support/errata/RHSA-2006-0669.html	REDHAT
18	http://www.redhat.com/support/errata/RHSA-2006-0682.html	REDHAT
19	http://www.securityfocus.com/archive/1/447866/100/0/threaded	BUGTRAQ
20	http://www.securityfocus.com/bid/17843	BID	Exploit Patch
21	http://www.turbolinux.com/security/2006/TLSA-2006-38.txt	TURBO
22	http://www.ubuntu.com/usn/usn-320-1	UBUNTU
23	https://issues.rpath.com/browse/RPL-683	CONFIRM
24	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10597	OVAL

Common Vulnerabilities List