[Phpwm] Fw: [USN-261-1] PHP vulnerabilities

Rob Allen rob at akrabat.com
Fri Mar 10 16:58:54 GMT 2006


sparkes wrote:
> Time to update your systems again.  Yet another exploitable problem
> patched.
> 
> sparkes
> 
> Begin forwarded message:
> 
> 
> Details follow:
> 
> Stefan Esser discovered that the 'session' module did not sufficiently
> verify the validity of the user-supplied session ID. A remote attacker
> could exploit this to insert arbitrary HTTP headers into the response
> sent by the PHP application, which could lead to HTTP Response
> Splitting (forging of arbitrary responses on behalf the PHP
> application) and Cross Site Scripting (XSS) (execution of arbitrary
> web script code in the client's browser) attacks. (CVE-2006-0207)
> 
> PHP applications were also vulnerable to several Cross Site Scripting
> (XSS) flaws if the options 'display_errors' and 'html_errors' were
> enabled. Please note that enabling 'html_errors' is not recommended
> for production systems. (CVE-2006-0208)
> 


I thought the ext/session thing was fixed a couple of months ago?

Rob...
(www.akrabat.com)



More information about the Phpwm mailing list