WS-2013-0240
January 30, 2013
In php-src, php-5.0.0b2 to php-5.4.12, have a flaw in the TLS compression, that can lead to recovery of secret authentication cookies and allows an attacker to perform session hijacking on an authenticated web session.
Related ResourcesĀ (1)
Do you need more information?
Contact UsCVSS v3
Base Score:
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
