Session Identifier Exposure in PEAR HTML_QuickForm_Controller by PEAR
CVE-2005-4731

Currently unrated

Key Information:

Vendor

The PHP Group

Status
Pear Html Quickform Controller
Vendor
CVE Published:
31 December 2005

What is CVE-2005-4731?

The PEAR HTML_QuickForm_Controller version 1.0.4 has a vulnerability where the Session Identifier (SID) is exposed within the URL, even when the session.use_only_cookies setting is active. This flaw permits remote attackers to capture the SID through the HTTP Referer header, which can lead to unauthorized access and session hijacking. It is crucial for administrators using this component to take immediate action to mitigate the risks associated with this exposure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://pear.php.net/package/HTML_QuickForm_Controller/dow...
x_refsource_CONFIRM
http://www.osvdb.org/23766
vdb-entryx_refsource_OSVDB
http://pear.php.net/bugs/bug.php?id=3443
x_refsource_CONFIRM

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.