CVE-2006-0207

Stefan Esser discovered that the ‘session’ module did not sufficiently verify the validity of the user-supplied session ID A remote attacker could exploit this to insert arbitrary HTTP headers into the response sent by the PHP application, which could lead to HTTP Response Splitting (forging of arbitrary responses on behalf the PHP application ...

Debian Bug report logs - #336645 PHP 441 fixes security bugs Package: php4; Maintainer for php4 is (unknown); Reported by: Florian Weimer <fw@denebenyode> Date: Mon, 31 Oct 2005 19:48:02 UTC Severity: grave Tags: security Found in version php4/4:4310-16 Fixed in version php4/4:442-1 Done: Adam Conrad <adconrad ...

Debian Bug report logs - #347894 php5: Two security problems in PHP5 Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Fri, 13 Jan 2006 11:33:02 UTC Severity: g ...

Debian Bug report logs - #336004 CVE-2005-3319: mod_php DoS through sessionsave_path option Package: php4; Maintainer for php4 is (unknown); Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 27 Oct 2005 10:48:02 UTC Severity: important Tags: security Found in version php4/4:440-4 Fixed in version php4/4:442 ...