Description
PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file. NOTE: it could be argued that this not a vulnerability in PHP itself, rather a design limitation that enables certain attacks against session handlers that do not account for this limitation.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/28233
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/444263/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1466
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/28273
Patch, Vendor Advisory x_refsource_misc
http://www.hardened-php.net/advisory_052006.128.html
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21573
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3388
Scores
EPSS
0.0283
EPSS Percentile
86.4%
Details
Status
published
Products (34)
php/php
4.0 (8 CPE variants)
php/php
4.0.0
php/php
4.0.1 (3 CPE variants)
php/php
4.0.2
php/php
4.0.3 (2 CPE variants)
php/php
4.0.4 (2 CPE variants)
php/php
4.0.5
php/php
4.0.6
php/php
4.0.7 (4 CPE variants)
php/php
4.1.0
... and 24 more
Published
Aug 29, 2006
Tracked Since
Feb 18, 2026