Description
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
Report
This issue affects the version of php and php53 as shipped with Red Hat Enterprise Linux 5. This issue affects the version of php as shipped with Red Hat Enterprise Linux 6 and 7. The Red Hat Security Response Team has rated this issue as having moderate security impact. This issue is not currently planned to be addressed in future updates. This issue may be mitigated with user code changes as noted in https://wiki.php.net/rfc/strict_sessions#current_solution
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | php | Will not fix | | |
Red Hat Enterprise Linux 5 | php53 | Will not fix | | |
Red Hat Enterprise Linux 6 | php | Will not fix | | |
Red Hat Enterprise Linux 7 | php | Will not fix | | |
Red Hat Software Collections | php54-php | Will not fix | | |
Additional information
Status:
EPSS
CVSS2: 5.8 Medium
Related vulnerabilities
Vulnerability in the sessions subsystem of the PHP programming language interpreter that allows an attacker to hijack a user's session