Vulnerability & Exploit Database

Back to search

F5 Networks: K13519 (CVE-2007-3799): Multiple PHP vulnerabilities

Severity CVSS Published Added Modified
4 (AV:N/AC:M/Au:N/C:N/I:P/A:N) July 16, 2007 February 16, 2017 October 13, 2017

Description

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

f5-big-ip-upgrade-latest

Related Vulnerabilities