CVE-2006-3016

Published: Jun 14, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().

Vendor: n/a
Product: n/a
Versions: n/a (status: affected)

References

RHSA-2006:0669 (vendor-advisory, x_refsource_REDHAT)
oval:org.mitre.oval:def:10597 (vdb-entry, signature, x_refsource_OVAL)
22487 (third-party-advisory, x_refsource_SECUNIA)
TLSA-2006-38 (vendor-advisory, x_refsource_TURBO)
21050 (third-party-advisory, x_refsource_SECUNIA)
23247 (third-party-advisory, x_refsource_SECUNIA)
22004 (third-party-advisory, x_refsource_SECUNIA)
RHSA-2006:0682 (vendor-advisory, x_refsource_REDHAT)
USN-320-1 (vendor-advisory, x_refsource_UBUNTU)
22440 (third-party-advisory, x_refsource_SECUNIA)
22069 (third-party-advisory, x_refsource_SECUNIA)
22225 (third-party-advisory, x_refsource_SECUNIA)
MDKSA-2006:122 (vendor-advisory, x_refsource_MANDRIVA)
25253 (vdb-entry, x_refsource_OSVDB)
19927 (third-party-advisory, x_refsource_SECUNIA)
1016306 (vdb-entry, x_refsource_SECTRACK)
17843 (vdb-entry, x_refsource_BID)
RHSA-2006:0736 (vendor-advisory, x_refsource_REDHAT)
