what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2007-3799

Status Candidate

Overview

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.

Related Files

Debian Linux Security Advisory 1578-1
Posted May 20, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1578-1 - Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. The session_start function allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from various parameters. A denial of service was possible through a malicious script abusing the glob() function. Certain maliciously constructed input to the wordwrap() function could lead to a denial of service attack. Large len values of the stspn() or strcspn() functions could allow an attacker to trigger integer overflows to expose memory or cause denial of service. The escapeshellcmd API function could be attacked via incomplete multibyte chars.

tags | advisory, remote, denial of service, overflow, arbitrary, php, vulnerability
systems | linux, debian
advisories | CVE-2007-3799, CVE-2007-3806, CVE-2007-3998, CVE-2007-4657, CVE-2008-2051
SHA-256 | 9825e5299540688f4d7bd7f26490f7a68f71187a478c2b2e0f29fe8b48f1420b
Debian Linux Security Advisory 1444-2
Posted Jan 24, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1444-2 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. It was discovered that the patch for CVE-2007-4659 could lead to regressions in some scenarios. The fix has been reverted for now, a revised update will be provided in a future PHP DSA.

tags | advisory, remote, php, vulnerability
systems | linux, debian
advisories | CVE-2007-3799, CVE-2007-3998, CVE-2007-4657, CVE-2007-4658, CVE-2007-4660, CVE-2007-4662, CVE-2007-5898, CVE-2007-5899
SHA-256 | dda79c6d77254050d19f65dcad2c8f912bd1eaafbc90711f0b3651b4cf9362f5
Debian Linux Security Advisory 1444-1
Posted Jan 3, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1444-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language.

tags | advisory, remote, php, vulnerability
systems | linux, debian
advisories | CVE-2007-3799, CVE-2007-3998, CVE-2007-4657, CVE-2007-4658, CVE-2007-4659, CVE-2007-4660, CVE-2007-4662, CVE-2007-5898, CVE-2007-5899
SHA-256 | e011051596ddd3a8f90e9d2879e9c2deb16475061948bea707a9778931608245
Ubuntu Security Notice 549-2
Posted Dec 4, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 549-2 - USN-549-1 fixed vulnerabilities in PHP. However, some upstream changes were incomplete, which caused crashes in certain situations with Ubuntu 7.10.

tags | advisory, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-1285, CVE-2007-2872, CVE-2007-3799, CVE-2007-3998, CVE-2007-4657, CVE-2007-4658, CVE-2007-4660, CVE-2007-4661, CVE-2007-4662, CVE-2007-4670, CVE-2007-5898, CVE-2007-5899
SHA-256 | 9a0a4a1d82e27e9d74bb5eb17c3168dc8ab295a00a313b9b1b95a786a5cb345f
Ubuntu Security Notice 549-1
Posted Nov 30, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 549-1 - Various integer overflows, arbitrary code execution, and denial of service vulnerabilities have been fixed in PHP 5.

tags | advisory, denial of service, overflow, arbitrary, php, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2007-1285, CVE-2007-2872, CVE-2007-3799, CVE-2007-3998, CVE-2007-4657, CVE-2007-4658, CVE-2007-4660, CVE-2007-4661, CVE-2007-4662, CVE-2007-4670, CVE-2007-5898, CVE-2007-5899
SHA-256 | 82dae6b629e189b7e2d3dfbad033c409a70c0f0886d117b786a64d4164df2e82
Mandriva Linux Security Advisory 2007.187
Posted Sep 25, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Numerous vulnerabilities were discovered in the PHP scripting language that are corrected with this update. Not just a couple, not a few, but many.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1375, CVE-2007-1399, CVE-2007-1900, CVE-2007-2727, CVE-2007-2728, CVE-2007-2748, CVE-2007-2756, CVE-2007-2872, CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, CVE-2007-4670
SHA-256 | 01d42bfc7015b848897634663e966d52f46f75ad839abd6b538db6357c46f4f2
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close