Lucene search

[email protected]CVE-2006-0996

HistoryApr 10, 2006 - 6:06 p.m.

CVE-2006-0996

2006-04-1018:06:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2006-0996

cross-site scripting

xss

phpinfo

php 5.1.2

php 4.4.2

remote attackers

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.09 Low

EPSS

Percentile

94.6%

JSON

Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.

Affected configurations

NVD

Node

phpphpMatch4.4.2

phpphpMatch5.1.2

CPENameOperatorVersion
php:phpphpeq4.4.2
php:phpphpeq5.1.2

CPE	Name	Operator	Version
php:php	php	eq	4.4.2
php:php	php	eq	5.1.2

References

ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc

cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c

cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261

marc.info/?l=php-cvs&m=114374620416389&w=2

rhn.redhat.com/errata/RHSA-2006-0276.html

rhn.redhat.com/errata/RHSA-2006-0549.html

secunia.com/advisories/19599

secunia.com/advisories/19775

secunia.com/advisories/19832

secunia.com/advisories/19979

secunia.com/advisories/20052

secunia.com/advisories/20210

secunia.com/advisories/20222

secunia.com/advisories/20951

secunia.com/advisories/21125

secunia.com/advisories/21252

secunia.com/advisories/21564

security.gentoo.org/glsa/glsa-200605-08.xml

securityreason.com/achievement_securityalert/34

securityreason.com/securityalert/675

securitytracker.com/id?1015879

support.avaya.com/elmodocs2/security/ASA-2006-129.htm

support.avaya.com/elmodocs2/security/ASA-2006-160.htm

www.mandriva.com/security/advisories?name=MDKSA-2006:074

www.novell.com/linux/security/advisories/05-05-2006.html

www.osvdb.org/24484

www.php.net/ChangeLog-4.php#4.4.3

www.redhat.com/support/errata/RHSA-2006-0501.html

www.securityfocus.com/bid/17362

www.ubuntu.com/usn/usn-320-1

www.vupen.com/english/advisories/2006/1290

www.vupen.com/english/advisories/2006/2685

exchange.xforce.ibmcloud.com/vulnerabilities/25702

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10997

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.09 Low

EPSS

Percentile

94.6%

JSON

Related for CVE-2006-0996

nvd2 prion1 cvelist1 securityvulns1 ubuntucve1 checkpoint_advisories1 cve1 nessus9 openvas3 gentoo1 suse1 redhat2 centos2 ubuntu1