CVE-2006-3016

Impact: Moderate
Public Date: 2006-05-02
Bugzilla: 1618130: CVE-2006-3016 security flaw

The MITRE CVE dictionary describes this issue as:

Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().

Find out more about CVE-2006-3016 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Enterprise Linux 2.1 | RHSA-2006:0682 | 2006-09-21 |
| Stronghold 4 for Red Hat Enterprise Linux | RHSA-2006:0736 | 2006-12-11 |
| Red Hat Enterprise Linux 3 (php) | RHSA-2006:0669 | 2006-09-21 |
| Red Hat Enterprise Linux 4 (php) | RHSA-2006:0669 | 2006-09-21 |

Last Modified

CVE description copyright © 2017, The MITRE Corporation
