PHP 5 User-Supplied Session ID Input Validation Vulnerability

PHP 5 is prone to an input-validation vulnerability. The issue is due to a lack of proper sanitization of user-supplied PHP session IDs, which are transmitted by way of HTTP headers.

An attacker may use this vulnerability to perform HTTP response splitting, often resulting in content spoofing and cross-site scripting attacks.

PHP 5.1.1 and prior versions are affected.
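
An application-level allowlist check of the kind the description says is missing, shown as an added example that is not part of the original advisory or of PHP itself. The function names and the 256-character length bound are assumptions; the character set is the one PHP's file session handler documents as valid.

```php
<?php
// Added example (not from the advisory). Function names are hypothetical.

/**
 * True only if $id consists of characters PHP's file session handler
 * accepts (a-z A-Z 0-9 , -). CR, LF and all other control bytes fail,
 * so the value cannot end a header line if it is echoed into Set-Cookie.
 */
function is_safe_session_id($id)
{
    // \A and \z anchor the whole string; "$" would tolerate a trailing "\n".
    // The 256-character upper bound is an assumption; tighten it to your configuration.
    return is_string($id) && preg_match('/\A[A-Za-z0-9,-]{1,256}\z/', $id) === 1;
}

/**
 * Drop a client-supplied session ID that fails the allowlist, then start
 * the session. Returns the session ID actually in use.
 */
function start_validated_session()
{
    ini_set('session.use_only_cookies', '1'); // ignore IDs passed in the URL
    ini_set('session.use_trans_sid', '0');    // never rewrite URLs with the ID

    $name = session_name();
    $rejected = false;

    if (isset($_COOKIE[$name]) && !is_safe_session_id($_COOKIE[$name])) {
        // Record the event for detection, but never log the raw value:
        // it may itself contain CR/LF and forge log lines.
        error_log('Rejected malformed session ID cookie "' . $name . '"');
        unset($_COOKIE[$name]);
        $rejected = true;
    }

    session_start();

    // Defense in depth: never keep an ID that was rejected or fails the check.
    if ($rejected || !is_safe_session_id(session_id())) {
        session_regenerate_id(true);
    }
    return session_id();
}

$sid = start_validated_session();
```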


 

Copyright 2010, SecurityFocus