CVE-2003-0442 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2003-0442
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2003-0442

Description: Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/12259 TURBO http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt ST 1008653 SCO REDHAT http://www.redhat.com/support/errata/RHSA-2003-204.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:485 OSVDB 4758 MISC http://shh.thathost.com/secadv/2003-05-11-php.txt MANDRAKE http://www.mandriva.com/security/advisories?name=MDKSA-2003:082 DEBIAN http://www.debian.org/security/2003/dsa-351 CONECTIVA http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691 CIAC http://www.ciac.org/ciac/bulletins/n-112.shtml BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=105760591228031&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=105449314612963&w=2 BID 7761

Return to the previous page.