Vulnerability CVE-2006-3016

Vulnerability Name:

CVE-2006-3016 (CCN-30479)

Assigned:

2006-05-02

Published:

2006-05-02

Updated:

2018-10-18

Summary:

Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities.
Note: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Other

References:

Source: SGI
Type: UNKNOWN
20061001-01-P

Source: MITRE
Type: CNA
CVE-2006-3016

Source: CCN
Type: RHSA-2006-0669
php security update

Source: CCN
Type: RHSA-2006-0682
php security update

Source: CCN
Type: RHSA-2006-0736
Important: php security update for Stronghold

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0736

Source: CCN
Type: SA19927
PHP Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
19927

Source: SECUNIA
Type: Patch, Vendor Advisory
21050

Source: SECUNIA
Type: Vendor Advisory
22004

Source: SECUNIA
Type: Vendor Advisory
22069

Source: SECUNIA
Type: Vendor Advisory
22225

Source: CCN
Type: SA22440
Avaya Products PHP Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
22440

Source: SECUNIA
Type: Vendor Advisory
22487

Source: SECUNIA
Type: Vendor Advisory
23247

Source: CCN
Type: SECTRACK ID: 1016306
PHP Input Validation Hole Permits Cross-Site Scripting Attacks and Other Bugs Have Unspecified Impact

Source: SECTRACK
Type: UNKNOWN
1016306

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm

Source: CCN
Type: ASA-2006-221
php security update (RHSA-2006-0682)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm

Source: CCN
Type: ASA-2006-222
php security update (RHSA-2006-0669)

Source: CCN
Type: PHP Web site
PHP: PHP 5.1.3 Release Announcement

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:122

Source: OSVDB
Type: UNKNOWN
25253

Source: CCN
Type: OSVDB ID: 25253
PHP Session Name Unspecified Character Weakness

Source: CONFIRM
Type: UNKNOWN
http://www.php.net/release_5_1_3.php

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0669

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0682

Source: BUGTRAQ
Type: UNKNOWN
20061005 rPSA-2006-0182-1 php php-mysql php-pgsql

Source: BID
Type: Exploit, Patch
17843

Source: CCN
Type: BID-17843
PHP Multiple Unspecified Vulnerabilities

Source: CCN
Type: TLSA-2006-38
Multiple vulnerabilities in php

Source: TURBO
Type: UNKNOWN
TLSA-2006-38

Source: UBUNTU
Type: UNKNOWN
USN-320-1

Source: XF
Type: UNKNOWN
php-sessionname-unspecified(30479)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-683

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10597

Vulnerable Configuration:

Configuration 1:

cpe:/a:php_group:php:*:*:*:*:*:*:*:* (Version <= 5.1.2)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*

OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*

AND

cpe:/a:redhat:stronghold:-:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:10597	V	Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().	2013-04-29
oval:com.redhat.rhsa:def:20060669	P	RHSA-2006:0669: php security update (Moderate)	2006-09-21

BACK