Description

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.

Remediation

References

CVE-2006-0207

Related Vulnerabilities

WordPress Plugin SendPress Newsletters Unspecified Vulnerability (1.7.6.11)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-6729)

WordPress Plugin Manage Notification E-mails Cross-Site Request Forgery (1.8.2)

WordPress Plugin Slideshow Pro 'upload.php' Arbitrary File Upload (2.1)

Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-7943)

Severity

Medium

Classification

CVE-2006-0207 CWE-94

Tags

Missing Update Known Vulnerabilities