[Phpwm] Fw: [USN-261-1] PHP vulnerabilities
Rob Allen
rob at akrabat.com
Fri Mar 10 16:58:54 GMT 2006
sparkes wrote:
> Time to update your systems again. Yet another exploitable problem
> patched.
>
> sparkes
>
> Begin forwarded message:
>
>
> Details follow:
>
> Stefan Esser discovered that the 'session' module did not sufficiently
> verify the validity of the user-supplied session ID. A remote attacker
> could exploit this to insert arbitrary HTTP headers into the response
> sent by the PHP application, which could lead to HTTP Response
> Splitting (forging of arbitrary responses on behalf the PHP
> application) and Cross Site Scripting (XSS) (execution of arbitrary
> web script code in the client's browser) attacks. (CVE-2006-0207)
>
> PHP applications were also vulnerable to several Cross Site Scripting
> (XSS) flaws if the options 'display_errors' and 'html_errors' were
> enabled. Please note that enabling 'html_errors' is not recommended
> for production systems. (CVE-2006-0208)
>
I thought the ext/session thing was fixed a couple of months ago?
Rob...
(www.akrabat.com)
More information about the Phpwm
mailing list