Bug 834813 (CVE-2011-4718) - VUL-1: CVE-2011-4718: php5: session fixation vulnerability in the Sessions subsystem
Status: RESOLVED WONTFIX
Alias: CVE-2011-4718
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P4 - Low : Normal
Target Milestone: ---
Assignee: Petr Gajdos
QA Contact: Security Team bot
Reported: 2013-08-14 10:16 UTC by Matthias Weckbecker
Modified: 2014-05-09 15:11 UTC

Description Matthias Weckbecker 2013-08-14 10:16:23 UTC
Quoted from mitre.org [1]:

  "Session fixation vulnerability in the Sessions subsystem in PHP before
   5.5.2 allows remote attackers to hijack web sessions by specifying a
   session ID."

Commits to address this issue available at git.php.net [2] / [3].

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4718
[2] http://git.php.net/?p=php-src.git;a=commit;h=169b78eb79b0e080b67f9798708eb3771c6d0b2f
[3] http://git.php.net/?p=php-src.git;a=commit;h=25e8fcc88fa20dc9d4c47184471003f436927cde
Comment 1 Swamp Workflow Management 2013-08-14 22:00:20 UTC
bugbot adjusting priority
Comment 5 Matthias Weckbecker 2013-09-30 12:50:27 UTC
feature