Vulnerability Description
The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| The Php Group | Pear Html Quickform Controller | 1.0.4 |
References
- http://pear.php.net/bugs/bug.php?id=3443
- http://pear.php.net/package/HTML_QuickForm_Controller/download
- http://www.osvdb.org/23766
- http://pear.php.net/bugs/bug.php?id=3443
- http://pear.php.net/package/HTML_QuickForm_Controller/download
- http://www.osvdb.org/23766
FAQ
What is CVE-2005-4731?
CVE-2005-4731 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Refere...
How severe is CVE-2005-4731?
CVE-2005-4731 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4731?
Check the references section above for vendor advisories and patch information. Affected products include: The Php Group Pear Html Quickform Controller.