Vulnerability Details : CVE-2006-3018

Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption.

Published 2006-06-14 23:02:00

Updated 2010-09-15 04:54:47

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2006-3018

Probability of exploitation activity in the next 30 days: 2.57%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-3018

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

Vendor statements for CVE-2006-3018

Red Hat 2006-09-20

Unknown: CVE-2006-3018 has been assigned to an issue in PHP where the cause and fix are unknown, and the impact cannot be verified. The source of the CVE assignment was a single line statement in the PHP 5.1.3 release announcement, http://www.php.net/release_5_1_3.php, reading: "Fixed a heap corruption inside the session extension." Of the changes made to the session extension between releases 5.1.2 and 5.1.3, none would fix a bug matching this description by our analysis.

References for CVE-2006-3018

Products affected by CVE-2006-3018

Php Group » PHP
Versions up to, including, (<=) 5.1.2
cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*
Matching versions