Unrated severityNVD Advisory· Published Jan 13, 2006· Updated Apr 16, 2026
CVE-2006-0207
CVE-2006-0207
Description
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.
Affected products
11cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18- secunia.com/advisories/18431nvdPatchVendor Advisory
- secunia.com/advisories/18697nvdPatchVendor Advisory
- secunia.com/advisories/19179nvdPatchVendor Advisory
- secunia.com/advisories/19355nvdPatchVendor Advisory
- securitytracker.com/idnvdPatchVendor Advisory
- www.gentoo.org/security/en/glsa/glsa-200603-22.xmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/16220nvdPatch
- secunia.com/advisories/19012nvdVendor Advisory
- www.hardened-php.net/advisory_012006.112.htmlnvdVendor Advisory
- www.vupen.com/english/advisories/2006/0177nvdVendor Advisory
- www.vupen.com/english/advisories/2006/0369nvdVendor Advisory
- lists.suse.de/archive/suse-security-announce/2006-Feb/0008.htmlnvd
- secunia.com/advisories/25945nvd
- www.debian.org/security/2007/dsa-1331nvd
- www.mandriva.com/security/advisoriesnvd
- www.php.net/release_5_1_2.phpnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/24094nvd
- usn.ubuntu.com/261-1/nvd
News mentions
0No linked articles in our index yet.