CVE-2006-4433 : PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third p

PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file. NOTE: it could be argued that this not a vulnerability in PHP itself, rather a design limitation that enables certain attacks against session handlers that do not account for this limitation.

Published 2006-08-29 00:04:00

Updated 2018-10-30 16:25:36

Source MITRE

View at NVD, CVE.org

Threat overview for CVE-2006-4433

Top countries where our scanners detected CVE-2006-4433

Top open port discovered on systems with this issue 80

IPs affected by CVE-2006-4433 7,908

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2006-4433!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2006-4433

Probability of exploitation activity in the next 30 days: 3.12%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-4433

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

Vendor statements for CVE-2006-4433

Red Hat 2008-10-30

We do not consider this to be a PHP flaw. The problem is caused by the insufficient input validation performed by Zend platform.

References for CVE-2006-4433

Products affected by CVE-2006-4433

PHP » PHP » Version: 4.0
cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0.1
cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0.3
cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0.4
cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0.5
cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0.6
cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.1.0
cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.1.1
cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.1.2
cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0.1 Update Patch2
cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0.1 Update Patch1
cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0.7
cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0.3 Update Patch1
cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0.7 Update RC3
cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0.2
cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0.7 Update RC1
cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0.7 Update RC2
cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.2.0
cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.2.1
cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.2.2
cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.2.3
cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.2 DEV Edition
cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0 Update Beta1
cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0 Update Beta3
cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0 Update Beta4
cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0 Update RC1
cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0 Update RC2
cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0.4 Update Patch1
cpe:2.3:a:php:php:4.0.4:patch1:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0 Update Beta 4 Patch1
cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0 Update Beta2
cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.3.0
cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.3.1
cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.3.2
cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.0 Update RC2
cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.0 Update RC3
cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.3.3
cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.3.5
cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.3.6
cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.3.7
cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.0 Update RC1
cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.3.8
cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.3.4
cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.0.1
cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.0.2
cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.3.9
cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.0.0
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.3.10
cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.0.3
cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.4.0
cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.0.0
cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.3.11
cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.0.4
cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.0.5
cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.0.0 Update Beta1
cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.0.0 Update Beta4
cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.0.0 Update RC1
cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.0.0 Update Beta2
cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.0.0 Update Beta3
cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.0.0 Update RC2
cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.0.0 Update RC3
cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.4.1
cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 4.4.2
cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.1.0
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.1.1
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
Matching versions
PHP » PHP » Version: 5.1.2
cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
Matching versions

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!