Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-0207

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.

Published

2006-01-13T23:03:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	php	php	5.0	Yes
Application	php	php	5.0	Yes
Application	php	php	5.0	Yes
Application	php	php	5.0.0	Yes
Application	php	php	5.0.1	Yes
Application	php	php	5.0.2	Yes
Application	php	php	5.0.3	Yes
Application	php	php	5.0.4	Yes
Application	php	php	5.0.5	Yes
Application	php	php	5.1.0	Yes
Application	php	php	5.1.1	Yes

References

http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html ([email protected])
http://secunia.com/advisories/18431 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/18697 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/19012 Vendor Advisory ([email protected])
http://secunia.com/advisories/19179 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/19355 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/25945 ([email protected])
http://securitytracker.com/id?1015484 Patch, Vendor Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1331 ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml Patch, Vendor Advisory ([email protected])
http://www.hardened-php.net/advisory_012006.112.html Vendor Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:028 ([email protected])
http://www.php.net/release_5_1_2.php ([email protected])
http://www.securityfocus.com/bid/16220 Patch ([email protected])
http://www.vupen.com/english/advisories/2006/0177 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/0369 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/24094 ([email protected])
https://usn.ubuntu.com/261-1/ ([email protected])
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18431 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18697 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19012 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19179 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19355 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25945 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1015484 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1331 (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.hardened-php.net/advisory_012006.112.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:028 (af854a3a-2127-422b-91ae-364da2661108)
http://www.php.net/release_5_1_2.php (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/16220 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/0177 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/0369 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24094 (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/261-1/ (af854a3a-2127-422b-91ae-364da2661108)