CVE-2011-4718

NameCVE-2011-4718
DescriptionSession fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php5source(unstable)5.5.2+dfsg-1low

Notes

[wheezy] - php5 <no-dsa> (Too intrusive to backport, mitigations exists)
[squeeze] - php5 <no-dsa> (Too intrusive to backport, mitigations exists)
5.5.2 implements strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)

Search for package or bug name: Reporting problems