Family: Debian Local Security Checks --> Category: infos
[DSA351] DSA-351-1 php4 Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
The transparent session ID feature in the php4 package does not
properly escape user-supplied input before inserting it into the
generated HTML page. A possible hacker could use this vulnerability to
execute embedded scripts within the context of the generated page.
For the stable distribution (woody) this problem has been fixed in
For the unstable distribution (sid) this problem will be fixed soon.
Refer to Debian bug #200736.
We recommend that you update your php4 package.
Solution : http://www.debian.org/security/2003/dsa-351
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.