[php-maint] Bug#354683: PHP4 in Sarge appears vulnerable to CVE-2006-0207
Nick Jenkins
nickpj at gmail.com
Tue Feb 28 04:29:16 UTC 2006
Package: php4
Version: 4:4.3.10-16
Severity: normal
Tags: security
Ref: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0207
Description:
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote
attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header,
related to the (1) session extension (aka ext/session) and the (2) header
function.
Vulnerable PHP versions:
CVE report lists 5.1.1; however, versions prior to PHP version 4.4.2
are also vulnerable according to:
http://www.frsirt.com/english/advisories/2006/0177
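
An application-level guard against the header injection class described in this report, as an added example that is not part of the original message and is not code from PHP or Debian. It assumes PHP 7.1 or later; the function names, the session id allowlist and the sample inputs are constructed for illustration.

```php
<?php
// Added example: defensive checks an application can apply before emitting
// headers or accepting a client-supplied session id. Hypothetical helper names.

/** True when $s contains CR, LF or NUL, the bytes that can end a header line. */
function has_line_break(string $s): bool
{
    return strpbrk($s, "\r\n\0") !== false;
}

/** Build exactly one header line, or throw if the input could start a second one. */
function build_header(string $name, string $value): string
{
    // The D modifier stops "$" from matching before a trailing newline.
    if (!preg_match('/^[A-Za-z0-9-]+$/D', $name)) {
        throw new InvalidArgumentException('invalid header name');
    }
    if (has_line_break($value)) {
        throw new InvalidArgumentException("line break in value for $name");
    }
    return "$name: $value";
}

/** Allowlist for session ids (assumed policy: alphanumerics, ',' and '-', max 256). */
function is_safe_session_id(string $id): bool
{
    return preg_match('/^[A-Za-z0-9,-]{1,256}$/D', $id) === 1;
}

// Constructed sample inputs, not taken from the report.
$samples = [
    ['Location', '/account'],
    ['Location', "/account\r\nX-Constructed: 1"],
];
foreach ($samples as [$name, $value]) {
    try {
        echo build_header($name, $value), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}

// A session id arriving in a cookie is checked before it is handed to session_id().
foreach (['a1b2c3d4e5f6', "a1b2\r\nX-Constructed: 1"] as $sid) {
    echo is_safe_session_id($sid) ? "session id accepted\n" : "session id rejected\n";
}
```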