Bug 178044

Summary: CVE-2006-0207 PHP HTTP session response splitting flaw
Product: [Fedora] Fedora Reporter: Josh Bressers <bressers>
Component: phpAssignee: Joe Orton <jorton>
Status: CLOSED INSUFFICIENT_DATA QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 4Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20060112,reported=20060113,source=secunia
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-02-23 06:05:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2006-01-17 16:05:39 UTC 
Stefan Esser of the Hardened PHP project has discovered a response splitting
flaw in the way PHP 5 deals with user supplied session information.

More information can be found here:
http://www.hardened-php.net/advisory_012006.112.html
Comment 1 Christian Iseli 2007-01-20 00:08:37 UTC 
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.
Comment 2 petrosyan 2008-02-23 06:05:22 UTC 
Fedora Core 4 is no longer maintained.

Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the
current Fedora release, please reopen this bug and assign it to the
corresponding Fedora version.