CVE-2011-4718

NameCVE-2011-4718
DescriptionSession fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php5 (PTS)jessie, jessie (lts)5.6.40+dfsg-0+deb8u21fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php5source(unstable)5.5.2+dfsg-1low

Notes

[wheezy] - php5 <no-dsa> (Too intrusive to backport, mitigations exists)
[squeeze] - php5 <no-dsa> (Too intrusive to backport, mitigations exists)
5.5.2 implements strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)

Search for package or bug name: Reporting problems