Upstream information

CVE-2006-0207 at MITRE

Description

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entry: 143029 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE LINUX 10.0
  • apache2-mod_php5 >= 5.0.4-9.8
  • php5 >= 5.0.4-9.8
  • php5-exif >= 5.0.4-9.8
  • php5-fastcgi >= 5.0.4-9.8
  • php5-mbstring >= 5.0.4-9.8
  • php5-pear >= 5.0.4-9.8
  • php5-snmp >= 5.0.4-9.8
SUSE LINUX 9.3
  • apache2-mod_php5 >= 5.0.3-14.18
  • php5 >= 5.0.3-14.18
  • php5-devel >= 5.0.3-14.18
  • php5-exif >= 5.0.3-14.18
  • php5-fastcgi >= 5.0.3-14.18
  • php5-mbstring >= 5.0.3-14.18
  • php5-pear >= 5.0.3-14.18
  • php5-sysvmsg >= 5.0.3-14.18
  • php5-sysvshm >= 5.0.3-14.18