CVE-2006-0207

Published: 13 January 2006

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.

Priority

Unknown

Status

Package Release Status
php4
Launchpad, Ubuntu, Debian
Upstream Needs triage

php5
Launchpad, Ubuntu, Debian
Upstream Needs triage