Summary
This host is running PHP and is prone to session fixation vulnerability.
Impact
Successful exploitation will allow attackers to hijack web sessions by specifying a session ID.
Solution
Upgrade to PHP version 5.5.2 or later,
For updates refer to http://php.net
Insight
PHP contains an unspecified flaw in the Sessions subsystem.
Affected
PHP version prior to 5.5.2 on Windows.
Detection
Get the installed version of PHP with the help of detect NVT and check it is vulnerable or not.
References
- http://cxsecurity.com/cveshow/CVE-2011-4718
- http://git.php.net/?p=php-src.git;a=commit;h=25e8fcc88fa20dc9d4c47184471003f436927cde
- http://git.php.net/?p=php-src.git;a=commit;h=169b78eb79b0e080b67f9798708eb3771c6d0b2f
- http://secunia.com/advisories/54562
- http://www.osvdb.org/96316
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-4718 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Tomcat Multiple Vulnerabilities - 02 Mar14
- Adobe LiveCycle Designer Untrusted Search Path Vulnerability (Windows)
- Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)
- Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
- Asterisk SIP REGISTER Response Username Enumeration Vulnerability