PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2006-0207)
Description
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.