CVE
- Id: 27156
- CVE No.: CVE-2007-3799
- Status: Candidate
- Description: The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.
- Phase: Assigned (20070716)
- Votes: None (candidate not yet proposed)
- Comments
Related CVE References
Id | CVE Id | CVE No. | Reference |
---|---|---|---|
278075 | 27156 | CVE-2007-3799 | MISC:http://www.php-security.org/MOPB/PMOPB-46-2007.html |
278076 | 27156 | CVE-2007-3799 | CONFIRM:https://issues.rpath.com/browse/RPL-1693 |
278077 | 27156 | CVE-2007-3799 | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm |
278078 | 27156 | CVE-2007-3799 | CONFIRM:https://launchpad.net/bugs/173043 |
278079 | 27156 | CVE-2007-3799 | CONFIRM:http://docs.info.apple.com/article.html?artnum=307562 |
278080 | 27156 | CVE-2007-3799 | APPLE:APPLE-SA-2008-03-18 |
278081 | 27156 | CVE-2007-3799 | URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html |
278082 | 27156 | CVE-2007-3799 | DEBIAN:DSA-1444 |
278083 | 27156 | CVE-2007-3799 | URL:http://www.debian.org/security/2008/dsa-1444 |
278084 | 27156 | CVE-2007-3799 | DEBIAN:DSA-1578 |
278085 | 27156 | CVE-2007-3799 | URL:http://www.debian.org/security/2008/dsa-1578 |
278086 | 27156 | CVE-2007-3799 | FEDORA:FEDORA-2007-709 |
278087 | 27156 | CVE-2007-3799 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html |
278088 | 27156 | CVE-2007-3799 | MANDRIVA:MDKSA-2007:187 |
278089 | 27156 | CVE-2007-3799 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:187 |
278090 | 27156 | CVE-2007-3799 | REDHAT:RHSA-2007:0890 |
278091 | 27156 | CVE-2007-3799 | URL:http://www.redhat.com/support/errata/RHSA-2007-0890.html |
278092 | 27156 | CVE-2007-3799 | REDHAT:RHSA-2007:0889 |
278093 | 27156 | CVE-2007-3799 | URL:http://rhn.redhat.com/errata/RHSA-2007-0889.html |
278094 | 27156 | CVE-2007-3799 | REDHAT:RHSA-2007:0888 |
278095 | 27156 | CVE-2007-3799 | URL:http://www.redhat.com/support/errata/RHSA-2007-0888.html |
278096 | 27156 | CVE-2007-3799 | REDHAT:RHSA-2007:0891 |
278097 | 27156 | CVE-2007-3799 | URL:http://www.redhat.com/support/errata/RHSA-2007-0891.html |
278098 | 27156 | CVE-2007-3799 | SUSE:SUSE-SR:2007:015 |
278099 | 27156 | CVE-2007-3799 | URL:http://www.novell.com/linux/security/advisories/2007_15_sr.html |
278100 | 27156 | CVE-2007-3799 | UBUNTU:USN-549-1 |
278101 | 27156 | CVE-2007-3799 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-549-1 |
278102 | 27156 | CVE-2007-3799 | UBUNTU:USN-549-2 |
278103 | 27156 | CVE-2007-3799 | URL:http://www.ubuntu.com/usn/usn-549-2 |
278104 | 27156 | CVE-2007-3799 | BID:24268 |
278105 | 27156 | CVE-2007-3799 | URL:http://www.securityfocus.com/bid/24268 |
278106 | 27156 | CVE-2007-3799 | OSVDB:36855 |
278107 | 27156 | CVE-2007-3799 | URL:http://osvdb.org/36855 |
278108 | 27156 | CVE-2007-3799 | OVAL:oval:org.mitre.oval:def:9792 |
278109 | 27156 | CVE-2007-3799 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9792 |
278110 | 27156 | CVE-2007-3799 | VUPEN:ADV-2008-0924 |
278111 | 27156 | CVE-2007-3799 | URL:http://www.vupen.com/english/advisories/2008/0924/references |
278112 | 27156 | CVE-2007-3799 | SECUNIA:26930 |
278113 | 27156 | CVE-2007-3799 | URL:http://secunia.com/advisories/26930 |
278114 | 27156 | CVE-2007-3799 | SECUNIA:26871 |
278115 | 27156 | CVE-2007-3799 | URL:http://secunia.com/advisories/26871 |
278116 | 27156 | CVE-2007-3799 | SECUNIA:26895 |
278117 | 27156 | CVE-2007-3799 | URL:http://secunia.com/advisories/26895 |
278118 | 27156 | CVE-2007-3799 | SECUNIA:26967 |
278119 | 27156 | CVE-2007-3799 | URL:http://secunia.com/advisories/26967 |
278120 | 27156 | CVE-2007-3799 | SECUNIA:27351 |
278121 | 27156 | CVE-2007-3799 | URL:http://secunia.com/advisories/27351 |
278122 | 27156 | CVE-2007-3799 | SECUNIA:27377 |
278123 | 27156 | CVE-2007-3799 | URL:http://secunia.com/advisories/27377 |
278124 | 27156 | CVE-2007-3799 | SECUNIA:27545 |
278125 | 27156 | CVE-2007-3799 | URL:http://secunia.com/advisories/27545 |
278126 | 27156 | CVE-2007-3799 | SECUNIA:27864 |
278127 | 27156 | CVE-2007-3799 | URL:http://secunia.com/advisories/27864 |
278128 | 27156 | CVE-2007-3799 | SECUNIA:28249 |
278129 | 27156 | CVE-2007-3799 | URL:http://secunia.com/advisories/28249 |
278130 | 27156 | CVE-2007-3799 | SECUNIA:29420 |
278131 | 27156 | CVE-2007-3799 | URL:http://secunia.com/advisories/29420 |
278132 | 27156 | CVE-2007-3799 | SECUNIA:30288 |