CVE-2011-4718

EUVD-2011-4636
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.5.1
phpphp
5.0.0
phpphp
5.0.0:beta1
phpphp
5.0.0:beta2
phpphp
5.0.0:beta3
phpphp
5.0.0:beta4
phpphp
5.0.0:rc1
phpphp
5.0.0:rc2
phpphp
5.0.0:rc3
phpphp
5.0.1
phpphp
5.0.2
phpphp
5.0.3
phpphp
5.0.4
phpphp
5.0.5
phpphp
5.1.0
phpphp
5.1.1
phpphp
5.1.2
phpphp
5.1.3
phpphp
5.1.4
phpphp
5.1.5
phpphp
5.1.6
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
phpphp
5.2.7
phpphp
5.2.8
phpphp
5.2.9
phpphp
5.2.10
phpphp
5.2.11
phpphp
5.2.12
phpphp
5.2.13
phpphp
5.2.14
phpphp
5.2.15
phpphp
5.2.16
phpphp
5.2.17
phpphp
5.3.0
phpphp
5.3.1
phpphp
5.3.2
phpphp
5.3.3
phpphp
5.3.4
phpphp
5.3.5
phpphp
5.3.6
phpphp
5.3.7
phpphp
5.3.8
phpphp
5.3.9
phpphp
5.3.10
phpphp
5.3.11
phpphp
5.3.12
phpphp
5.3.13
phpphp
5.3.14
phpphp
5.3.15
phpphp
5.3.16
phpphp
5.3.17
phpphp
5.3.18
phpphp
5.3.19
phpphp
5.3.20
phpphp
5.3.21
phpphp
5.3.22
phpphp
5.3.23
phpphp
5.3.24
phpphp
5.3.25
phpphp
5.3.26
phpphp
5.3.27
phpphp
5.4.0
phpphp
5.4.1
phpphp
5.4.2
phpphp
5.4.3
phpphp
5.4.4
phpphp
5.4.5
phpphp
5.4.6
phpphp
5.4.7
phpphp
5.4.8
phpphp
5.4.9
phpphp
5.4.10
phpphp
5.4.11
phpphp
5.4.12
phpphp
5.4.12:rc1
phpphp
5.4.12:rc2
phpphp
5.4.13
phpphp
5.4.13:rc1
phpphp
5.4.14
phpphp
5.4.14:rc1
phpphp
5.4.15:rc1
phpphp
5.4.16:rc1
phpphp
5.5.0:alpha1
phpphp
5.5.0:alpha2
phpphp
5.5.0:alpha3
phpphp
5.5.0:alpha4
phpphp
5.5.0:alpha5
phpphp
5.5.0:alpha6
phpphp
5.5.0:beta1
phpphp
5.5.0:beta2
phpphp
5.5.0:beta3
phpphp
5.5.0:beta4
phpphp
5.5.0:rc1
phpphp
5.5.0:rc2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
lucid
ignored
precise
ignored
quantal
ignored
raring
ignored
Common Weakness Enumeration
References
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=169b78eb79b0e080b67f9798708eb3771c6d0b2f
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=25e8fcc88fa20dc9d4c47184471003f436927cde
https://bugs.php.net/bug.php?id=60491
https://wiki.php.net/rfc/strict_sessions
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=169b78eb79b0e080b67f9798708eb3771c6d0b2f
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=25e8fcc88fa20dc9d4c47184471003f436927cde
https://bugs.php.net/bug.php?id=60491
https://wiki.php.net/rfc/strict_sessions