PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-06-25T04:00:00

Updated: 2002-03-22T10:00:00

Reserved: 2002-03-15T00:00:00


Link: CVE-2002-0121

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2002-03-25T05:00:00.000

Modified: 2008-09-11T00:00:32.853


Link: CVE-2002-0121

JSON object: View

cve-icon Redhat Information

No data.