Buffer Overflow Vulnerability in Zend Platform and mod_cluster Module
CVE-2006-4431

Currently unrated

Key Information:

Vendor: Zend
Status: Zend Platform
Vendor: CVE Published:; 29 August 2006

What is CVE-2006-4431?

The Zend Platform and its mod_cluster module are susceptible to multiple buffer overflow vulnerabilities. These issues arise from improper handling of PHP session identifiers, allowing remote attackers to exploit the system. By sending an empty or specially crafted PHP session identifier, an attacker can either crash the service, resulting in a denial of service, or execute arbitrary code, potentially compromising the entire application.

References

http://www.osvdb.org/28231

vdb-entryx_refsource_OSVDB

http://www.osvdb.org/28230

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/archive/1/444263/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2006
Vulnerability Reserved
Aug 28, 2006