PublicDate: 2007-11-20 19:46:00 UTC
Candidate: CVE-2007-5899
References: 
 https://ubuntu.com/security/notices/USN-549-1
 https://ubuntu.com/security/notices/USN-628-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5899
Description:
 The output_add_rewrite_var function in PHP before 5.2.5 rewrites local
 forms in which the ACTION attribute references a non-local URL, which
 allows remote attackers to obtain potentially sensitive information by
 reading the requests for this URL, as demonstrated by a rewritten form
 containing a local session ID.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: low
Discovered-by:
Assigned-to: kees
CVSS: 
upstream_php5: released (5.2.5)
dapper_php5: released (5.1.2-1ubuntu3.10)
edgy_php5: released (5.1.6-1ubuntu2.7)
feisty_php5: released (5.2.1-0ubuntu1.5)
gutsy_php5: released (5.2.3-1ubuntu6.1)
hardy_php5: released (5.2.4-2ubuntu5.3)
devel_php5: not-affected (5.2.6-1ubuntu1)