CVE-2007-3799
Vulnerability Summary
Timeline
Description
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
CVSS Metrics
- v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS Trends
Current EPSS score: 9.25%• Percentile: 93%
Techniques & Countermeasures
- CWE-20•Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Affected Systems
- Unknown•PHP
4.0:beta_4_patch1 | 4.0:beta1 | 4.0:beta2 | 4.0:beta3 | 4.0:beta4 | 4.0.0 | 4.0.1 | 4.0.2 | 4.0.3 | 4.0.4 | 4.0.5 | 4.0.6 | 4.0.7 | 4.1.0 | 4.1.1 | 4.1.2 | 4.2.0 | 4.2.1 | 4.2.2 | 4.2.3 | 4.3.0 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4 | 4.3.5 | 4.3.6 | 4.3.7 | 4.3.8 | 4.3.9 | 4.3.10 | 4.3.11 | 4.4.0 | 4.4.1 | 4.4.2 | 4.4.3 | 4.4.4 | 4.4.5 | 4.4.6 | 4.4.7 | 5.0.0 | 5.0.0:beta1 | 5.0.0:beta2 | 5.0.0:beta3 | 5.0.0:beta4 | 5.0.0:rc1 | 5.0.0:rc2 | 5.0.0:rc3 | 5.0.1 | 5.0.2 | 5.0.3 | 5.0.4 | 5.0.5 | 5.1.0 | 5.1.1 | 5.1.2 | 5.1.3 | 5.1.4 | 5.1.5 | 5.1.6 | 5.2.0 | 5.2.1 | 5.2.2 | 5.2.3 | 5.2.10 | 5.2.11 | 5.2.12 | 5.2.13 | 5.2.14
References (32)
- http://secunia.com/advisories/30288
- https://launchpad.net/bugs/173043
- http://www.redhat.com/support/errata/RHSA-2007-0888.html
- http://www.securityfocus.com/bid/24268
- https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html
- http://secunia.com/advisories/26967
- http://www.debian.org/security/2008/dsa-1444
- http://secunia.com/advisories/27351
- http://www.vupen.com/english/advisories/2008/0924/references
- http://secunia.com/advisories/27864
- http://secunia.com/advisories/26930
- http://secunia.com/advisories/29420
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://rhn.redhat.com/errata/RHSA-2007-0889.html
- https://usn.ubuntu.com/549-1/
- https://issues.rpath.com/browse/RPL-1693
- http://secunia.com/advisories/28249
- http://www.debian.org/security/2008/dsa-1578
- http://secunia.com/advisories/27545
- http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
- http://osvdb.org/36855
- http://secunia.com/advisories/27377
- http://www.php-security.org/MOPB/PMOPB-46-2007.html
- http://docs.info.apple.com/article.html?artnum=307562
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
- http://secunia.com/advisories/26895
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9792
- http://www.ubuntu.com/usn/usn-549-2
- http://www.redhat.com/support/errata/RHSA-2007-0890.html
- http://www.redhat.com/support/errata/RHSA-2007-0891.html
- http://secunia.com/advisories/26871
- http://www.novell.com/linux/security/advisories/2007_15_sr.html