CVE-2006-4433 - Remote Security vulnerability in PHP

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, php, nessus

Summary

PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third-party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file. NOTE: it could be argued that this is not a vulnerability in PHP itself, but rather a design limitation that enables certain attacks against session handlers that do not account for this limitation.
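
One way a custom session handler can account for this limitation, shown as an added example that is not part of the original entry and is not PHP's or any vendor's own code. It assumes PHP 8, a hypothetical class name (ValidatingFileSessionHandler), a storage directory supplied by the caller, and an assumed ID allowlist of letters, digits, comma and hyphen, 22 to 256 characters long.

```php
<?php
declare(strict_types=1);
// Hypothetical handler (added example): validates the ID before any storage access.
final class ValidatingFileSessionHandler implements SessionHandlerInterface
{
    // Assumed allowlist: characters PHP's own session ID generator can emit.
    private const ID_PATTERN = '/\A[A-Za-z0-9,-]{22,256}\z/';
    public function __construct(private string $dir) {}

    public static function isValidId(string $id): bool
    {
        return preg_match(self::ID_PATTERN, $id) === 1;
    }
    private function file(string $id): ?string
    {
        // Returns null for a rejected ID so it never becomes part of a path.
        return self::isValidId($id) ? $this->dir . '/sess_' . $id : null;
    }
    public function open(string $path, string $name): bool { return is_dir($this->dir); }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        $file = $this->file($id);
        return ($file !== null && is_file($file)) ? (string) file_get_contents($file) : '';
    }

    public function write(string $id, string $data): bool
    {
        $file = $this->file($id);
        return $file !== null && file_put_contents($file, $data, LOCK_EX) !== false;
    }

    public function destroy(string $id): bool
    {
        $file = $this->file($id);
        return $file === null || !is_file($file) || unlink($file);
    }

    public function gc(int $max_lifetime): int|false
    {
        // Delete session files older than the configured lifetime; return how many were removed.
        $old = array_filter(glob($this->dir . '/sess_*') ?: [], fn($f) => filemtime($f) + $max_lifetime < time());
        return count(array_filter($old, 'unlink'));
    }
}

// Constructed sample IDs: one well-formed, two with characters outside the allowlist.
foreach (['0123456789abcdef0123456789abcdef', 'abcdef0123456789abcdef<?x', '../../0123456789abcdef0123'] as $id) {
    printf("%-34s %s\n", $id, ValidatingFileSessionHandler::isValidId($id) ? 'accepted' : 'rejected');
}
```

Register the handler with session_set_save_handler() before calling session_start(). A rejected ID then reads as an empty session and is never written to storage.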

Nessus

NASL family: CGI abuses
NASL id: PHP_4_4_3.NASL
description: According to its banner, the version of PHP installed on the remote host is older than 4.4.3 / 5.1.4. Such versions may be affected by several issues, including a buffer overflow, heap corruption, and a flaw by which a variable may survive a call to
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 22268
published: 2006-08-25
reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/22268
title: PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities

Statements

contributor: Tomas Hoger
lastmodified: 2008-10-30
organization: Red Hat
statement: We do not consider this to be a PHP flaw. The problem is caused by the insufficient input validation performed by Zend platform.