Table of Contents

Public Date:
382431: CVE-2007-5899 php session ID leakage

The MITRE CVE dictionary describes this issue as:

The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.

Find out more about CVE-2007-5899 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (php) RHSA-2008:0582 2008-07-22
Red Hat Enterprise Linux 3 (php) RHSA-2008:0544 2008-07-16
Red Hat Application Stack v2 for Enterprise Linux (v.5) RHSA-2008:0505 2008-07-02
Red Hat Enterprise Linux 4 (php) RHSA-2008:0545 2008-07-16
Red Hat Enterprise Linux 5 (php) RHSA-2008:0544 2008-07-16
Red Hat Enterprise Linux 2.1 (php) RHSA-2008:0546 2008-07-16
Last Modified

CVE description copyright © 2017, The MITRE Corporation