Package: php4 Version: 4:4.3.10-16 Severity: normal Tags: security Ref: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0207
Description: Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. Vulnerable PHP versions: CVE report lists 5.1.1, however versions prior to PHP version 4.4.2 are also vulnerable according to: http://www.frsirt.com/english/advisories/2006/0177
