Description

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.

Remediation

References

CVE-2006-0207

Related Vulnerabilities

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23192)

WebLogic Improper Input Validation Vulnerability (CVE-2017-15707)

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-7851)

MODX Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-8773)

WordPress Plugin WP REST API (WP API) Security Bypass (1.2.1)

Severity

Medium

Classification

CVE-2006-0207 CWE-94

Tags

Missing Update Known Vulnerabilities