CVE-2006-0207
Unknown | EPSS 4.25%
CVE-2006-0207 is a vulnerability of currently unknown severity. Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. EPSS estimates a 4.25% chance of exploitation in the next 30 days.
Description
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.
Affected Software
| Vendor | Product | Version | Update |
|---|---|---|---|
| PHP | PHP | 5.0 | RC1 |
| PHP | PHP | 5.0.0 | — |
| PHP | PHP | 5.0.1 | — |
| PHP | PHP | 5.0.2 | — |
| PHP | PHP | 5.0.3 | — |
| PHP | PHP | 5.0.4 | — |
| PHP | PHP | 5.0.5 | — |
| PHP | PHP | 5.1.0 | — |
| PHP | PHP | 5.1.1 | — |
References
- http://secunia.com/advisories/18431 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18697 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19012 (Vendor Advisory)
- http://secunia.com/advisories/19179 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19355 (Patch, Vendor Advisory)
- http://securitytracker.com/id?1015484 (Patch, Vendor Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml (Patch, Vendor Advisory)
- http://www.hardened-php.net/advisory_012006.112.html (Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/0177 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/0369 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Frequently Asked Questions
What is CVE-2006-0207?
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.
How severe is CVE-2006-0207?
Severity scoring for CVE-2006-0207 is pending analysis. The EPSS model estimates a 4.25% probability of exploitation in the next 30 days.
How do I fix CVE-2006-0207?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.
Source: NVD / NIST
