CVE-2006-3016
published 2006-06-14CVE-2006-3016: Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including…
PriorityP426critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
2.26%
80.8th percentile
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php_group | php | <= 5.1.2 | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rrmc-m598-86rh: Unspecified vulnerability in session
ghsa_unreviewed·2022-05-03
CVE-2006-3016 [HIGH] GHSA-rrmc-m598-86rh: Unspecified vulnerability in session
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2006-07-19·CVSS 4.3
CVE-2006-1494 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: PHP vulnerabilities
The phpinfo() PHP function did not properly sanitize long strings. A
remote attacker could use this to perform cross-site scripting attacks
against sites that have publicly-available PHP scripts that call
phpinfo(). Please note that it is not recommended to publicly expose
phpinfo(). (CVE-2006-0996)
An information disclosure has been reported in the
html_entity_decode() function. A script which uses this function to
process arbitrary user-supplied input could be exploited to expose a
random part of memory, which could potentially reveal sensitive data.
(CVE-2006-1490)
The wordwrap() function did not sufficiently check the validity of the
'break' argument. An attacker who could control the string passed to
the 'break' parameter cou
Red Hat
security flaw
vendor_redhat·2006-05-02·CVSS 9.3
CVE-2006-3016 [CRITICAL] security flaw
security flaw
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-3016 security flaw
bugzilla·2018-08-16·CVSS 9.3
CVE-2006-3016 [CRITICAL] CVE-2006-3016 security flaw
CVE-2006-3016 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().
Bugzilla
CVE-2006-3016 PHP session ID validation
bugzilla·2006-09-18·CVSS 9.3
CVE-2006-3016 [CRITICAL] CVE-2006-3016 PHP session ID validation
CVE-2006-3016 PHP session ID validation
+++ This bug was initially created as a clone of Bug #206959 +++
PHP session ID validation
PHP does not validate the characters used in the session name. Unknown impact.
http://www.php.net/release_4_4_3.php
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0682.html
Bugzilla
CVE-2006-3016 PHP session ID validation
bugzilla·2006-09-18·CVSS 9.3
CVE-2006-3016 [CRITICAL] CVE-2006-3016 PHP session ID validation
CVE-2006-3016 PHP session ID validation
PHP session ID validation
PHP does not validate the characters used in the session name. Unknown impact.
http://www.php.net/release_4_4_3.php
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0669.html
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.aschttp://rhn.redhat.com/errata/RHSA-2006-0736.htmlhttp://secunia.com/advisories/19927http://secunia.com/advisories/21050http://secunia.com/advisories/22004http://secunia.com/advisories/22069http://secunia.com/advisories/22225http://secunia.com/advisories/22440http://secunia.com/advisories/22487http://secunia.com/advisories/23247http://securitytracker.com/id?1016306http://support.avaya.com/elmodocs2/security/ASA-2006-221.htmhttp://support.avaya.com/elmodocs2/security/ASA-2006-222.htmhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:122http://www.osvdb.org/25253http://www.php.net/release_5_1_3.phphttp://www.redhat.com/support/errata/RHSA-2006-0669.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0682.htmlhttp://www.securityfocus.com/archive/1/447866/100/0/threadedhttp://www.securityfocus.com/bid/17843http://www.turbolinux.com/security/2006/TLSA-2006-38.txthttp://www.ubuntu.com/usn/usn-320-1https://issues.rpath.com/browse/RPL-683https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10597ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.aschttp://rhn.redhat.com/errata/RHSA-2006-0736.htmlhttp://secunia.com/advisories/19927http://secunia.com/advisories/21050http://secunia.com/advisories/22004http://secunia.com/advisories/22069http://secunia.com/advisories/22225http://secunia.com/advisories/22440http://secunia.com/advisories/22487http://secunia.com/advisories/23247http://securitytracker.com/id?1016306http://support.avaya.com/elmodocs2/security/ASA-2006-221.htmhttp://support.avaya.com/elmodocs2/security/ASA-2006-222.htmhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:122http://www.osvdb.org/25253http://www.php.net/release_5_1_3.phphttp://www.redhat.com/support/errata/RHSA-2006-0669.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0682.htmlhttp://www.securityfocus.com/archive/1/447866/100/0/threadedhttp://www.securityfocus.com/bid/17843http://www.turbolinux.com/security/2006/TLSA-2006-38.txthttp://www.ubuntu.com/usn/usn-320-1https://issues.rpath.com/browse/RPL-683https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10597
2006-06-14
Published