CVE-2011-4718

Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.5.1
phpphp
5.0.0
phpphp
5.0.0:beta1
phpphp
5.0.0:beta2
phpphp
5.0.0:beta3
phpphp
5.0.0:beta4
phpphp
5.0.0:rc1
phpphp
5.0.0:rc2
phpphp
5.0.0:rc3
phpphp
5.0.1
phpphp
5.0.2
phpphp
5.0.3
phpphp
5.0.4
phpphp
5.0.5
phpphp
5.1.0
phpphp
5.1.1
phpphp
5.1.2
phpphp
5.1.3
phpphp
5.1.4
phpphp
5.1.5
phpphp
5.1.6
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
phpphp
5.2.7
phpphp
5.2.8
phpphp
5.2.9
phpphp
5.2.10
phpphp
5.2.11
phpphp
5.2.12
phpphp
5.2.13
phpphp
5.2.14
phpphp
5.2.15
phpphp
5.2.16
phpphp
5.2.17
phpphp
5.3.0
phpphp
5.3.1
phpphp
5.3.2
phpphp
5.3.3
phpphp
5.3.4
phpphp
5.3.5
phpphp
5.3.6
phpphp
5.3.7
phpphp
5.3.8
phpphp
5.3.9
phpphp
5.3.10
phpphp
5.3.11
phpphp
5.3.12
phpphp
5.3.13
phpphp
5.3.14
phpphp
5.3.15
phpphp
5.3.16
phpphp
5.3.17
phpphp
5.3.18
phpphp
5.3.19
phpphp
5.3.20
phpphp
5.3.21
phpphp
5.3.22
phpphp
5.3.23
phpphp
5.3.24
phpphp
5.3.25
phpphp
5.3.26
phpphp
5.3.27
phpphp
5.4.0
phpphp
5.4.1
phpphp
5.4.2
phpphp
5.4.3
phpphp
5.4.4
phpphp
5.4.5
phpphp
5.4.6
phpphp
5.4.7
phpphp
5.4.8
phpphp
5.4.9
phpphp
5.4.10
phpphp
5.4.11
phpphp
5.4.12
phpphp
5.4.12:rc1
phpphp
5.4.12:rc2
phpphp
5.4.13
phpphp
5.4.13:rc1
phpphp
5.4.14
phpphp
5.4.14:rc1
phpphp
5.4.15:rc1
phpphp
5.4.16:rc1
phpphp
5.5.0:alpha1
phpphp
5.5.0:alpha2
phpphp
5.5.0:alpha3
phpphp
5.5.0:alpha4
phpphp
5.5.0:alpha5
phpphp
5.5.0:alpha6
phpphp
5.5.0:beta1
phpphp
5.5.0:beta2
phpphp
5.5.0:beta3
phpphp
5.5.0:beta4
phpphp
5.5.0:rc1
phpphp
5.5.0:rc2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
lucid
ignored
precise
ignored
quantal
ignored
raring
ignored
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
php54
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-bcmath
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-cli
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-common
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-dba
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-debuginfo
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-devel
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-embedded
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-enchant
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-fpm
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-gd
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-imap
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-intl
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-ldap
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-mbstring
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-mcrypt
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-mssql
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-mysql
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-mysqlnd
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-odbc
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-pdo
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-pgsql
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-process
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-pspell
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-recode
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-snmp
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-soap
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-tidy
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-xml
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
php54-xmlrpc
Amazon Linux 1
0:5.4.19-1.42.amzn1
fixed
Common Weakness Enumeration