CVE-2003-0442

Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
References
Link Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691
http://marc.info/?l=bugtraq&m=105449314612963&w=2
http://marc.info/?l=bugtraq&m=105760591228031&w=2
http://shh.thathost.com/secadv/2003-05-11-php.txt Exploit Patch Vendor Advisory
http://www.ciac.org/ciac/bulletins/n-112.shtml
http://www.debian.org/security/2003/dsa-351
http://www.mandriva.com/security/advisories?name=MDKSA-2003:082
http://www.osvdb.org/4758
http://www.redhat.com/support/errata/RHSA-2003-204.html Patch Vendor Advisory
http://www.securityfocus.com/bid/7761
http://www.securitytracker.com/id?1008653
http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/12259
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691
http://marc.info/?l=bugtraq&m=105449314612963&w=2
http://marc.info/?l=bugtraq&m=105760591228031&w=2
http://shh.thathost.com/secadv/2003-05-11-php.txt Exploit Patch Vendor Advisory
http://www.ciac.org/ciac/bulletins/n-112.shtml
http://www.debian.org/security/2003/dsa-351
http://www.mandriva.com/security/advisories?name=MDKSA-2003:082
http://www.osvdb.org/4758
http://www.redhat.com/support/errata/RHSA-2003-204.html Patch Vendor Advisory
http://www.securityfocus.com/bid/7761
http://www.securitytracker.com/id?1008653
http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/12259
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485
Configurations

Configuration 1 (hide)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*

History

20 Nov 2024, 23:44

Type Values Removed Values Added
References () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691 - () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691 -
References () http://marc.info/?l=bugtraq&m=105449314612963&w=2 - () http://marc.info/?l=bugtraq&m=105449314612963&w=2 -
References () http://marc.info/?l=bugtraq&m=105760591228031&w=2 - () http://marc.info/?l=bugtraq&m=105760591228031&w=2 -
References () http://shh.thathost.com/secadv/2003-05-11-php.txt - Exploit, Patch, Vendor Advisory () http://shh.thathost.com/secadv/2003-05-11-php.txt - Exploit, Patch, Vendor Advisory
References () http://www.ciac.org/ciac/bulletins/n-112.shtml - () http://www.ciac.org/ciac/bulletins/n-112.shtml -
References () http://www.debian.org/security/2003/dsa-351 - () http://www.debian.org/security/2003/dsa-351 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2003:082 - () http://www.mandriva.com/security/advisories?name=MDKSA-2003:082 -
References () http://www.osvdb.org/4758 - () http://www.osvdb.org/4758 -
References () http://www.redhat.com/support/errata/RHSA-2003-204.html - Patch, Vendor Advisory () http://www.redhat.com/support/errata/RHSA-2003-204.html - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/7761 - () http://www.securityfocus.com/bid/7761 -
References () http://www.securitytracker.com/id?1008653 - () http://www.securitytracker.com/id?1008653 -
References () http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt - () http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/12259 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/12259 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485 -

Information

Published : 2003-07-24 04:00

Updated : 2024-11-20 23:44


NVD link : CVE-2003-0442

Mitre link : CVE-2003-0442

CVE.ORG link : CVE-2003-0442


JSON object : View

Products Affected

php

  • php

redhat

  • linux