Ubuntu Security Notice (C) 2006-2015 Canonical, Inc. / NASL script (C) 2006-2015 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
Stefan Esser discovered that the 'session' module did not sufficiently
verify the validity of the user-supplied session ID. A remote attacker
could exploit this to insert arbitrary HTTP headers into the response
sent by the PHP application, which could lead to HTTP Response
Splitting (forging of arbitrary responses on behalf the PHP
application) and Cross Site Scripting (XSS) (execution of arbitrary
web script code in the client's browser) attacks. (CVE-2006-0207)
PHP applications were also vulnerable to several Cross Site Scripting
(XSS) flaws if the options 'display_errors' and 'html_errors' were
enabled. Please note that enabling 'html_errors' is not recommended
for production systems. (CVE-2006-0208).
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 21068 ()
Bugtraq ID: 16220
CVE ID: CVE-2006-0207CVE-2006-0208
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.