CVE-2011-4718 - Vulnerability Details

Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php	Php

Configuration 1 [-]

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php:5.0.0:::::::*
	cpe:2.3:a:php:php:5.0.0:beta1::::::
	cpe:2.3:a:php:php:5.0.0:beta2::::::
	cpe:2.3:a:php:php:5.0.0:beta3::::::
	cpe:2.3:a:php:php:5.0.0:beta4::::::
	cpe:2.3:a:php:php:5.0.0:rc1::::::
	cpe:2.3:a:php:php:5.0.0:rc2::::::
	cpe:2.3:a:php:php:5.0.0:rc3::::::
	cpe:2.3:a:php:php:5.0.1:::::::*
	cpe:2.3:a:php:php:5.0.2:::::::*
	cpe:2.3:a:php:php:5.0.3:::::::*
	cpe:2.3:a:php:php:5.0.4:::::::*
	cpe:2.3:a:php:php:5.0.5:::::::*
	cpe:2.3:a:php:php:5.1.0:::::::*
	cpe:2.3:a:php:php:5.1.1:::::::*
	cpe:2.3:a:php:php:5.1.2:::::::*
	cpe:2.3:a:php:php:5.1.3:::::::*
	cpe:2.3:a:php:php:5.1.4:::::::*
	cpe:2.3:a:php:php:5.1.5:::::::*
	cpe:2.3:a:php:php:5.1.6:::::::*
	cpe:2.3:a:php:php:5.2.0:::::::*
	cpe:2.3:a:php:php:5.2.1:::::::*
	cpe:2.3:a:php:php:5.2.2:::::::*
	cpe:2.3:a:php:php:5.2.3:::::::*
	cpe:2.3:a:php:php:5.2.4:::::::*
	cpe:2.3:a:php:php:5.2.5:::::::*
	cpe:2.3:a:php:php:5.2.6:::::::*
	cpe:2.3:a:php:php:5.2.7:::::::*
	cpe:2.3:a:php:php:5.2.8:::::::*
	cpe:2.3:a:php:php:5.2.9:::::::*
	cpe:2.3:a:php:php:5.2.10:::::::*
	cpe:2.3:a:php:php:5.2.11:::::::*
	cpe:2.3:a:php:php:5.2.12:::::::*
	cpe:2.3:a:php:php:5.2.13:::::::*
	cpe:2.3:a:php:php:5.2.14:::::::*
	cpe:2.3:a:php:php:5.2.15:::::::*
	cpe:2.3:a:php:php:5.2.16:::::::*
	cpe:2.3:a:php:php:5.2.17:::::::*
	cpe:2.3:a:php:php:5.3.0:::::::*
	cpe:2.3:a:php:php:5.3.1:::::::*
	cpe:2.3:a:php:php:5.3.2:::::::*
	cpe:2.3:a:php:php:5.3.3:::::::*
	cpe:2.3:a:php:php:5.3.4:::::::*
	cpe:2.3:a:php:php:5.3.5:::::::*
	cpe:2.3:a:php:php:5.3.6:::::::*
	cpe:2.3:a:php:php:5.3.7:::::::*
	cpe:2.3:a:php:php:5.3.8:::::::*
	cpe:2.3:a:php:php:5.3.9:::::::*
	cpe:2.3:a:php:php:5.3.10:::::::*
	cpe:2.3:a:php:php:5.3.11:::::::*
	cpe:2.3:a:php:php:5.3.12:::::::*
	cpe:2.3:a:php:php:5.3.13:::::::*
	cpe:2.3:a:php:php:5.3.14:::::::*
	cpe:2.3:a:php:php:5.3.15:::::::*
	cpe:2.3:a:php:php:5.3.16:::::::*
	cpe:2.3:a:php:php:5.3.17:::::::*
	cpe:2.3:a:php:php:5.3.18:::::::*
	cpe:2.3:a:php:php:5.3.19:::::::*
	cpe:2.3:a:php:php:5.3.20:::::::*
	cpe:2.3:a:php:php:5.3.21:::::::*
	cpe:2.3:a:php:php:5.3.22:::::::*
	cpe:2.3:a:php:php:5.3.23:::::::*
	cpe:2.3:a:php:php:5.3.24:::::::*
cpe:2.3:a:php:php:5.3.25:::::::*
cpe:2.3:a:php:php:5.3.26:::::::*
cpe:2.3:a:php:php:5.3.27:::::::*
cpe:2.3:a:php:php:5.4.0:::::::*
cpe:2.3:a:php:php:5.4.1:::::::*
cpe:2.3:a:php:php:5.4.2:::::::*
cpe:2.3:a:php:php:5.4.3:::::::*
cpe:2.3:a:php:php:5.4.4:::::::*
cpe:2.3:a:php:php:5.4.5:::::::*
cpe:2.3:a:php:php:5.4.6:::::::*
cpe:2.3:a:php:php:5.4.7:::::::*
cpe:2.3:a:php:php:5.4.8:::::::*
cpe:2.3:a:php:php:5.4.9:::::::*
cpe:2.3:a:php:php:5.4.10:::::::*
cpe:2.3:a:php:php:5.4.11:::::::*
cpe:2.3:a:php:php:5.4.12:::::::*
cpe:2.3:a:php:php:5.4.12:rc1::::::
cpe:2.3:a:php:php:5.4.12:rc2::::::
cpe:2.3:a:php:php:5.4.13:::::::*
cpe:2.3:a:php:php:5.4.13:rc1::::::
cpe:2.3:a:php:php:5.4.14:::::::*
cpe:2.3:a:php:php:5.4.14:rc1::::::
cpe:2.3:a:php:php:5.4.15:rc1::::::
cpe:2.3:a:php:php:5.4.16:rc1::::::
cpe:2.3:a:php:php:5.5.0:alpha1::::::
cpe:2.3:a:php:php:5.5.0:alpha2::::::
cpe:2.3:a:php:php:5.5.0:alpha3::::::
cpe:2.3:a:php:php:5.5.0:alpha4::::::
cpe:2.3:a:php:php:5.5.0:alpha5::::::
cpe:2.3:a:php:php:5.5.0:alpha6::::::
cpe:2.3:a:php:php:5.5.0:beta1::::::
cpe:2.3:a:php:php:5.5.0:beta2::::::
cpe:2.3:a:php:php:5.5.0:beta3::::::
cpe:2.3:a:php:php:5.5.0:beta4::::::
cpe:2.3:a:php:php:5.5.0:rc1::::::
cpe:2.3:a:php:php:5.5.0:rc2::::::

No data.

References

Link	Providers
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=169b78eb79b0e080b67f9798708eb3771c6d0b2f
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=25e8fcc88fa20dc9d4c47184471003f436927cde
https://bugs.php.net/bug.php?id=60491
https://nvd.nist.gov/vuln/detail/CVE-2011-4718
https://wiki.php.net/rfc/strict_sessions
https://www.cve.org/CVERecord?id=CVE-2011-4718

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-08-13T01:00:00Z

Updated: 2024-09-16T18:44:19.435Z

Reserved: 2011-12-09T00:00:00Z

Link: CVE-2011-4718

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-08-13T15:04:18.497

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-4718

Redhat

Severity : Moderate

Publid Date: 2011-11-23T00:00:00Z

Links: CVE-2011-4718 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-08-13T01:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=25e8fcc88fa20dc9d4c47184471003f436927cde"}, {"tags": ["x_refsource_MISC"], "url": "https://wiki.php.net/rfc/strict_sessions"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.php.net/bug.php?id=60491"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=169b78eb79b0e080b67f9798708eb3771c6d0b2f"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4718", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://git.php.net/?p=php-src.git;a=commit;h=25e8fcc88fa20dc9d4c47184471003f436927cde", "refsource": "CONFIRM", "url": "http://git.php.net/?p=php-src.git;a=commit;h=25e8fcc88fa20dc9d4c47184471003f436927cde"}, {"name": "https://wiki.php.net/rfc/strict_sessions", "refsource": "MISC", "url": "https://wiki.php.net/rfc/strict_sessions"}, {"name": "https://bugs.php.net/bug.php?id=60491", "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=60491"}, {"name": "http://git.php.net/?p=php-src.git;a=commit;h=169b78eb79b0e080b67f9798708eb3771c6d0b2f", "refsource": "CONFIRM", "url": "http://git.php.net/?p=php-src.git;a=commit;h=169b78eb79b0e080b67f9798708eb3771c6d0b2f"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:16:34.435Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=25e8fcc88fa20dc9d4c47184471003f436927cde"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.php.net/rfc/strict_sessions"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=60491"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=169b78eb79b0e080b67f9798708eb3771c6d0b2f"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4718", "datePublished": "2013-08-13T01:00:00Z", "dateReserved": "2011-12-09T00:00:00Z", "dateUpdated": "2024-09-16T18:44:19.435Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "606D51F5-EF88-4016-A3FA-660224117DB8", "versionEndIncluding": "5.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7007E77F-60EF-44D8-9676-15B59DF1325F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "E727CECE-E452-489A-A42F-5A069D6AF80E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "149A1FB8-593E-412B-8E1C-3E560301D500", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "8FC144FA-8F84-44C0-B263-B639FEAD20FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "295907B4-C3DE-4021-BE3B-A8826D4379E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "B881352D-954E-4FC0-9E42-93D02A3F3089", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8CDFEF9-C367-4800-8A2F-375C261FAE55", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "CCB6CDDD-70D3-4004-BCE0-8C4723076103", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "A782CA26-9C38-40A8-92AE-D47B14D2FCE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "1C0E7E2A-4770-4B68-B74C-5F5A6E1876DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "0892C89E-9389-4452-B7E0-981A763CD426", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "635F3CB1-B042-43CC-91AB-746098018D8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "E1F32DDF-17A3-45B5-9227-833EBEBD3923", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "2CDFB7E9-8510-430F-BFBC-FD811D60DC78", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "79D5336A-14AA-483E-9CBE-A7B53120B925", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "3AADA875-E0EA-483A-A07E-2914FE969972", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "95D48A71-B84E-4B6C-9603-B3373052E568", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "CAAB7D55-F155-43F9-A563-F2E35CFFEF26", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "72243A3F-6BFD-472B-9EA4-82BE4253ED27", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "E415CC22-09CA-47D2-9F1A-0BCA8960835B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EF4B938-BB14-4C06-BEE9-10CA755C5DEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "981C922C-7A7D-473E-8C43-03AB62FB5B8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5D0CD11A-09C2-4C60-8F0C-68E55BD6EE63", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0F40E4A-E125-4099-A8B3-D42614AA9312", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "4933D9DD-A630-4A3D-9D13-9E182F5F6F8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "A9E6D530-91FC-42F4-A427-6601238E0187", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "9EC938DB-E066-407F-BDF8-61A1C41136F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "ACDF768D-7F5A-4042-B7DD-398F65F3F094", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "2AF35BB6-C6B1-4683-A8BE-AA72CC34F5B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "EC3F1891-032D-409C-904C-A415D2323DFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "4B13826D-06B2-4A46-AB24-092F6935958D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "1B6528FC-51BE-4E30-B282-D9841553BA26", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "66CF9452-6225-4726-822B-C7CD620A1D6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "A953FF53-1106-42D3-BE4A-4F27C7C42F52", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "D4D2F015-A38D-43C6-ADC6-A0EFCE150071", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "75A8FF8E-A26A-45AD-BD91-9B4822581CE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "5F27C2F9-73BE-46EF-B5ED-8D407D22D12E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.17:*:*:*:*:*:*:*", "matchCriteriaId": "EB212796-B71B-4F6B-9156-9C5178FF0931", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.18:*:*:*:*:*:*:*", "matchCriteriaId": "DFBCD79D-3821-4538-B6F1-49F51E5983E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.19:*:*:*:*:*:*:*", "matchCriteriaId": "B66E709F-E34E-4744-8970-0F70F95A8761", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "D20691D0-3102-4E82-BED9-9E7B67F9F778", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.21:*:*:*:*:*:*:*", "matchCriteriaId": "6DA7831F-5F53-4A29-9AB1-913EBD095589", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.22:*:*:*:*:*:*:*", "matchCriteriaId": "F798EC96-FC60-47BA-AE27-8C2261D9E5D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.23:*:*:*:*:*:*:*", "matchCriteriaId": "633BEAF3-C73C-48FC-B623-375B9F79C93D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.24:*:*:*:*:*:*:*", "matchCriteriaId": "965BB50E-7675-43A7-B074-98BCB1EBA311", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.25:*:*:*:*:*:*:*", "matchCriteriaId": "B52F6124-1C8E-4568-BACF-A463064DA48E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.26:*:*:*:*:*:*:*", "matchCriteriaId": "2BA2F96C-A676-4F13-8E41-600461338B1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.3.27:*:*:*:*:*:*:*", "matchCriteriaId": "E0FE5746-FA0B-493A-B3A9-DE2A153C5ECA", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7B9B8D2-78B7-4B17-955B-741C7A6F6634", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CA2A940-BD69-4D35-AF12-432CB929248B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "29BD13F9-86C8-44C4-A860-9A87870A518E", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B361FDE-9F6A-4E9A-96F1-619DC56EECB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "3DBD9E7B-1237-47A8-8A07-5CC5246A9C5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "6F2BB41E-2096-4291-B0ED-06825FDFE8BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "52BA94F7-1AF9-415C-AC21-30BC25C74C5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "D0A739A0-698A-422B-886B-430A79F6E945", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "086E0D24-A43E-4CEA-9FB0-FE193B88CC31", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "EC8D0963-8CA5-4814-9B6D-4E1C3907737B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "77A4B7E0-C872-4E53-AD72-1BB2755E4FDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "EECCD553-53D5-485E-8C21-E2A5070833B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "95357C79-A754-4E0C-B65B-0FA241962B12", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "25EAF9A9-F7A1-4AC7-BCFD-769BE0FDB537", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "74EA8037-7C22-48B3-9FA2-4BFFFFD513D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "C8D1254E-0C72-4958-BA7F-5B818C3ACB15", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "92994FFC-F362-48AC-9CA8-8EBCAC880C91", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "21131DF1-1EE5-4C84-B1E0-FA75BC39B344", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B23F85D-465B-4176-9798-E78AADE421EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "ADEE52B4-8392-4321-8C00-FABA6270E728", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "57D74F58-DB3A-4A70-93CF-B350DB65EF49", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "3D25E591-448C-4E3B-8557-6E48F7571796", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "6DA18F3F-B4B5-40C3-BF19-67C1F0C1787D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "3AF783C9-26E7-4E02-BD41-77B9783667E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "EF49701D-ECE4-4CEB-BDAB-24C09C8AD4B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "7AEDF6F7-001D-4A35-A26F-417991AD377F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "4031DB99-B4B4-41EC-B3C1-543D92C575A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "D5450EA7-A398-49D2-AA8E-7C95B074BAB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "04FE0E4E-BC94-4DC9-BE9B-DC57B952B2FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "BB8E09D8-9CBE-4279-88B7-24A214A5A537", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "2D41ECCE-887D-49A2-9BB3-B559495AC55B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "79B418BC-27F4-4443-A0F7-FF4ADA568C1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "8EEBDF62-BA1B-4438-9AEA-8B56AA5713E8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID."}, {"lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en el subsistema Sessions en PHP anterior a v5.5.2 permite a atacantes remotos secuestrar sesiones web especificando un ID de sesi\u00f3n."}], "id": "CVE-2011-4718", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-08-13T15:04:18.497", "references": [{"source": "cve@mitre.org", "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=169b78eb79b0e080b67f9798708eb3771c6d0b2f"}, {"source": "cve@mitre.org", "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=25e8fcc88fa20dc9d4c47184471003f436927cde"}, {"source": "cve@mitre.org", "url": "https://bugs.php.net/bug.php?id=60491"}, {"source": "cve@mitre.org", "url": "https://wiki.php.net/rfc/strict_sessions"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=169b78eb79b0e080b67f9798708eb3771c6d0b2f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=25e8fcc88fa20dc9d4c47184471003f436927cde"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.php.net/bug.php?id=60491"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wiki.php.net/rfc/strict_sessions"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "php: session fixation vulnerability allows remote hijacking of sessions", "id": "996774", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996774"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "status": "draft"}, "cwe": "CWE-384", "details": ["Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID."], "name": "CVE-2011-4718", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "php", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Will not fix", "package_name": "php54-php", "product_name": "Red Hat Software Collections"}], "public_date": "2011-11-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-4718\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-4718"], "statement": "This issue affects the version of php and php53 as shipped with Red Hat Enterprise Linux 5. This issue affects the version of php as shipped with Red Hat Enterprise Linux 6 and 7. The Red Hat Security Response Team has rated this issue as having moderate security impact. This issue is not currently planned to be addressed in future updates. This issue may be mitigated with user code changes as noted in https://wiki.php.net/rfc/strict_sessions#current_solution", "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object