Back to search
CVE-2007-3799
Published: Jul 16, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
30288
third-party-advisory
x_refsource_SECUNIA
https://launchpad.net/bugs/173043
x_refsource_CONFIRM
RHSA-2007:0888
vendor-advisory
x_refsource_REDHAT
24268
vdb-entry
x_refsource_BID
FEDORA-2007-709
vendor-advisory
x_refsource_FEDORA
26967
third-party-advisory
x_refsource_SECUNIA
DSA-1444
vendor-advisory
x_refsource_DEBIAN
27351
third-party-advisory
x_refsource_SECUNIA
ADV-2008-0924
vdb-entry
x_refsource_VUPEN
27864
third-party-advisory
x_refsource_SECUNIA
26930
third-party-advisory
x_refsource_SECUNIA
29420
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2008-03-18
vendor-advisory
x_refsource_APPLE
RHSA-2007:0889
vendor-advisory
x_refsource_REDHAT
USN-549-1
vendor-advisory
x_refsource_UBUNTU
https://issues.rpath.com/browse/RPL-1693
x_refsource_CONFIRM
28249
third-party-advisory
x_refsource_SECUNIA
DSA-1578
vendor-advisory
x_refsource_DEBIAN
27545
third-party-advisory
x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm
x_refsource_CONFIRM
36855
vdb-entry
x_refsource_OSVDB
27377
third-party-advisory
x_refsource_SECUNIA
http://www.php-security.org/MOPB/PMOPB-46-2007.html
x_refsource_MISC
http://docs.info.apple.com/article.html?artnum=307562
x_refsource_CONFIRM
MDKSA-2007:187
vendor-advisory
x_refsource_MANDRIVA
26895
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:9792
vdb-entry
signature
x_refsource_OVAL
USN-549-2
vendor-advisory
x_refsource_UBUNTU
RHSA-2007:0890
vendor-advisory
x_refsource_REDHAT
RHSA-2007:0891
vendor-advisory
x_refsource_REDHAT
26871
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2007:015
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now