CVE-2006-4433

First published: Tue Aug 29 2006(Updated: )

PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file. NOTE: it could be argued that this not a vulnerability in PHP itself, rather a design limitation that enables certain attacks against session handlers that do not account for this limitation.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
PHP PHP	=4.3.9
PHP PHP	=4.0-beta1
PHP PHP	=5.1.2
PHP PHP	=4.0-beta4
PHP PHP	=4.2.0
PHP PHP	=5.1.1
PHP PHP	=5.0.0-beta1
PHP PHP	=4.1.0
PHP PHP	=4.3.4
PHP PHP	=4.0.4
PHP PHP	=4.3.0
PHP PHP	=4.0.5
PHP PHP	=5.0-rc1
PHP PHP	=5.0.5
PHP PHP	=4.3.6
PHP PHP	=5.0.1
PHP PHP	=4.0.7-rc2
PHP PHP	=4.3.7
PHP PHP	=5.0.4
PHP PHP	=4.0.7-rc1
PHP PHP	=4.2.2
PHP PHP	=4.4.2
PHP PHP	=4.0-rc1
PHP PHP	=4.3.2
PHP PHP	=4.3.11
PHP PHP	=4.0.0
PHP PHP	=4.0.3-patch1
PHP PHP	=4.0.7
PHP PHP	=4.0.2
PHP PHP	=4.3.3
PHP PHP	=5.0-rc3
PHP PHP	=4.1.1
PHP PHP	=5.0.0-rc2
PHP PHP	=5.0.3
PHP PHP	=4.2.3
PHP PHP	=5.1.0
PHP PHP	=4.0.1-patch1
PHP PHP	=5.0.0-rc3
PHP PHP	=4.0
PHP PHP	=4.0-beta2
PHP PHP	=4.0.1-patch2
PHP PHP	=4.0.6
PHP PHP	=5.0-rc2
PHP PHP	=4.1.2
PHP PHP	=5.0.0-beta3
PHP PHP	=4.0.7-rc3
PHP PHP	=4.0-rc2
PHP PHP	=4.3.1
PHP PHP	=4.0-beta_4_patch1
PHP PHP	=4.4.0
PHP PHP	=4.3.10
PHP PHP	=4.2.1
PHP PHP	=5.0.0-rc1
PHP PHP	=4.0.4-patch1
PHP PHP	=4.0.1
PHP PHP	=5.0.2
PHP PHP	=4.2
PHP PHP	=4.4.1
PHP PHP	=4.0-beta3
PHP PHP	=4.0.3
PHP PHP	=5.0.0-beta4
PHP PHP	=5.0.0
PHP PHP	=4.3.8
PHP PHP	=4.3.5
PHP PHP	=5.0.0-beta2

Remedy

http://secunia.com/advisories/21573

Remedy

http://www.hardened-php.net/advisory_052006.128.html

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
collector/nvd-historical
agent/weakness
agent/severity
agent/author
agent/type
agent/references
agent/event
agent/description
agent/last-modified-date
agent/remedy
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/php
canonical/php php
version/php php/4.0
version/php php/4.0-beta_4_patch1
version/php php/4.0-beta1
version/php php/4.0-beta2
version/php php/4.0-beta3
version/php php/4.0-beta4
version/php php/4.0-rc1
version/php php/4.0-rc2
version/php php/4.0.0
version/php php/4.0.1
version/php php/4.0.1-patch1
version/php php/4.0.1-patch2
version/php php/4.0.2
version/php php/4.0.3
version/php php/4.0.3-patch1
version/php php/4.0.4
version/php php/4.0.4-patch1
version/php php/4.0.5
version/php php/4.0.6
version/php php/4.0.7
version/php php/4.0.7-rc1
version/php php/4.0.7-rc2
version/php php/4.0.7-rc3
version/php php/4.1.0
version/php php/4.1.1
version/php php/4.1.2
version/php php/4.2
version/php php/4.2.0
version/php php/4.2.1
version/php php/4.2.2
version/php php/4.2.3
version/php php/4.3.0
version/php php/4.3.1
version/php php/4.3.2
version/php php/4.3.3
version/php php/4.3.4
version/php php/4.3.5
version/php php/4.3.6
version/php php/4.3.7
version/php php/4.3.8
version/php php/4.3.9
version/php php/4.3.10
version/php php/4.3.11
version/php php/4.4.0
version/php php/4.4.1
version/php php/4.4.2
version/php php/5.0-rc1
version/php php/5.0-rc2
version/php php/5.0-rc3
version/php php/5.0.0
version/php php/5.0.0-beta1
version/php php/5.0.0-beta2
version/php php/5.0.0-beta3
version/php php/5.0.0-beta4
version/php php/5.0.0-rc1
version/php php/5.0.0-rc2
version/php php/5.0.0-rc3
version/php php/5.0.1
version/php php/5.0.2
version/php php/5.0.3
version/php php/5.0.4
version/php php/5.0.5
version/php php/5.1.0
version/php php/5.1.1
version/php php/5.1.2

CVE-2006-4433

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact