{"api_version":"1","generated_at":"2026-05-07T03:02:16+00:00","cve":"CVE-2006-3016","urls":{"html":"https://cve.report/CVE-2006-3016","api":"https://cve.report/api/cve/CVE-2006-3016.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-3016","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-3016"},"summary":{"title":"CVE-2006-3016","description":"Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to \"certain characters in session names,\" including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities.  NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-06-14 23:02:00","updated_at":"2018-10-18 16:45:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:122","name":"MDKSA-2006:122","refsource":"MANDRIVA","tags":[],"title":"Advisories - Mandriva Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22069","name":"22069","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Red Hat update for php - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22440","name":"22440","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Avaya Products PHP Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/447866/100/0/threaded","name":"20061005 rPSA-2006-0182-1 php php-mysql php-pgsql","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22487","name":"22487","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"SGI Advanced Linux Environment Multiple Updates - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1016306","name":"1016306","refsource":"SECTRACK","tags":[],"title":"SecurityTracker.com Archives - PHP Input Validation Hole Permits Cross-Site Scripting Attacks and Other Bugs Have Unspecified Impact","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22004","name":"22004","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Red Hat update for php - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm","name":"http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm","refsource":"CONFIRM","tags":[],"title":"ASA-2006-222 (RHSA-2006-0669)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/25253","name":"25253","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.ubuntu.com/usn/usn-320-1","name":"USN-320-1","refsource":"UBUNTU","tags":[],"title":"usn/usn-320-1 - Ubuntu: Linux for human beings","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.php.net/release_5_1_3.php","name":"http://www.php.net/release_5_1_3.php","refsource":"CONFIRM","tags":[],"title":"PHP: PHP 5.1.3 Release Announcement","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22225","name":"22225","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"rPath update for php - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2006-0669.html","name":"RHSA-2006:0669","refsource":"REDHAT","tags":[],"title":"access.redhat.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc","name":"20061001-01-P","refsource":"SGI","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://secunia.com/advisories/23247","name":"23247","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Red Hat Stronghold update for php - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm","name":"http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm","refsource":"CONFIRM","tags":[],"title":"ASA-2006-221 (RHSA-2006-0682)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/17843","name":"17843","refsource":"BID","tags":["Exploit","Patch"],"title":"PHP Multiple Unspecified Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.redhat.com/support/errata/RHSA-2006-0682.html","name":"RHSA-2006:0682","refsource":"REDHAT","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2006-0736.html","name":"RHSA-2006:0736","refsource":"REDHAT","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/19927","name":"19927","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"PHP Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/21050","name":"21050","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Mandriva update for php - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.turbolinux.com/security/2006/TLSA-2006-38.txt","name":"TLSA-2006-38","refsource":"TURBO","tags":[],"title":"404 Not Found","mime":"text/plain","httpstatus":"404","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10597","name":"oval:org.mitre.oval:def:10597","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://issues.rpath.com/browse/RPL-683","name":"https://issues.rpath.com/browse/RPL-683","refsource":"CONFIRM","tags":[],"title":"[#RPL-683] Multiple Vulnerabilities in PHP CVE-2006-1494 CVE-2006-1990 CVE-2006-3016 CVE-2006-3017 CVE-2006-4482 CVE-2006-4484 CVE-2006-4486 - rPath JIRA","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-3016","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3016","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"3016","vulnerable":"1","versionEndIncluding":"5.1.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php_group","cpe5":"php","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-3016","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to \"certain characters in session names,\" including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities.  NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name()."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://issues.rpath.com/browse/RPL-683","refsource":"CONFIRM","url":"https://issues.rpath.com/browse/RPL-683"},{"name":"RHSA-2006:0669","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2006-0669.html"},{"name":"oval:org.mitre.oval:def:10597","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10597"},{"name":"22487","refsource":"SECUNIA","url":"http://secunia.com/advisories/22487"},{"name":"http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm","refsource":"CONFIRM","url":"http://support.avaya.com/elmodocs2/security/ASA-2006-221.htm"},{"name":"TLSA-2006-38","refsource":"TURBO","url":"http://www.turbolinux.com/security/2006/TLSA-2006-38.txt"},{"name":"21050","refsource":"SECUNIA","url":"http://secunia.com/advisories/21050"},{"name":"23247","refsource":"SECUNIA","url":"http://secunia.com/advisories/23247"},{"name":"22004","refsource":"SECUNIA","url":"http://secunia.com/advisories/22004"},{"name":"http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm","refsource":"CONFIRM","url":"http://support.avaya.com/elmodocs2/security/ASA-2006-222.htm"},{"name":"RHSA-2006:0682","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2006-0682.html"},{"name":"USN-320-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/usn-320-1"},{"name":"http://www.php.net/release_5_1_3.php","refsource":"CONFIRM","url":"http://www.php.net/release_5_1_3.php"},{"name":"22440","refsource":"SECUNIA","url":"http://secunia.com/advisories/22440"},{"name":"20061005 rPSA-2006-0182-1 php php-mysql php-pgsql","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/447866/100/0/threaded"},{"name":"22069","refsource":"SECUNIA","url":"http://secunia.com/advisories/22069"},{"name":"22225","refsource":"SECUNIA","url":"http://secunia.com/advisories/22225"},{"name":"MDKSA-2006:122","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2006:122"},{"name":"25253","refsource":"OSVDB","url":"http://www.osvdb.org/25253"},{"name":"19927","refsource":"SECUNIA","url":"http://secunia.com/advisories/19927"},{"name":"1016306","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016306"},{"name":"20061001-01-P","refsource":"SGI","url":"ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"},{"name":"17843","refsource":"BID","url":"http://www.securityfocus.com/bid/17843"},{"name":"RHSA-2006:0736","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2006-0736.html"}]}},"nvd":{"publishedDate":"2006-06-14 23:02:00","lastModifiedDate":"2018-10-18 16:45:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php_group:php:*:*:*:*:*:*:*:*","versionEndIncluding":"5.1.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"3016","Ordinal":"18340","Title":"CVE-2006-3016","CVE":"CVE-2006-3016","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"3016","Ordinal":"1","NoteData":"Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to \"certain characters in session names,\" including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities.  NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().","Type":"Description","Title":null},{"CveYear":"2006","CveId":"3016","Ordinal":"2","NoteData":"2006-06-14","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"3016","Ordinal":"3","NoteData":"2018-10-18","Type":"Other","Title":"Modified"}]}}}