Home > Vulnerability Database > CVE-2006-3016

Mend.io Vulnerability Database

CVE-2006-3016

Date: June 14, 2006

Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().

Severity Score

8.1

Related Resources (27)

Url: https://issues.rpath.com/browse/RPL-683

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-3016

Url: http://secunia.com/advisories/22225

Url: http://secunia.com/advisories/22004

Url: http://www.turbolinux.com/security/2006/TLSA-2006-38.txt

Url: http://secunia.com/advisories/21050

Url: http://www.securityfocus.com/bid/17843

Url: http://secunia.com/advisories/22440

Url: http://secunia.com/advisories/22487

Url: http://secunia.com/advisories/22069

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10597

Url: http://secunia.com/advisories/19927

Url: http://www.redhat.com/support/errata/RHSA-2006-0682.html

Url: http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm

Url: http://www.redhat.com/support/errata/RHSA-2006-0669.html

Url: http://securitytracker.com/id?1016306

Url: http://www.ubuntu.com/usn/usn-320-1

Url: ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

Url: http://rhn.redhat.com/errata/RHSA-2006-0736.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-3016

Url: http://secunia.com/advisories/23247

Url: http://www.osvdb.org/25253

Url: http://www.securityfocus.com/archive/1/447866/100/0/threaded

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:122

Url: http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm

Url: http://www.php.net/release_5_1_3.php

Url: https://www.mend.io/vulnerability-database/CVE-2006-3016

Severity Score

8.1

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-3016

Date: June 14, 2006

Severity Score

Related Resources (27)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?