Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2005-3388
Last Modified 07 Mar 2011 09:26:27
Published 01 Nov 2005 07:47:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3388

Summary

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."

Vulnerable Systems

Application

  • PHP 4.0.0
  • PHP 4.0.1
  • PHP 4.0.2
  • PHP 4.0.3
  • PHP 4.0.4
  • PHP 4.0.5
  • PHP 4.0.6
  • PHP 4.0.7
  • PHP 4.1.0
  • PHP 4.1.1
  • PHP 4.1.2
  • PHP 4.2
  • PHP 4.2.0
  • PHP 4.2.1
  • PHP 4.2.2
  • PHP 4.2.3
  • PHP 4.3
  • PHP 4.3.1
  • PHP 4.3.10
  • PHP 4.3.11
  • PHP 4.3.2
  • PHP 4.3.3
  • PHP 4.3.4
  • PHP 4.3.5
  • PHP 4.3.6
  • PHP 4.3.7
  • PHP 4.3.8
  • PHP 4.3.9
  • PHP 4.4.0
  • PHP 5.0.0
  • PHP 5.0.1
  • PHP 5.0.2
  • PHP 5.0.3
  • PHP 5.0.4
  • PHP 5.0.5


References

BID - 15248

CONFIRM - http://www.php.net/release_4_4_1.php

SECUNIA - 17371

VUPEN - ADV-2006-4320

VUPEN - ADV-2005-2254

BUGTRAQ - 20051031 Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()

MISC - http://www.hardened-php.net/advisory_182005.77.html

HP - HPSBMA02159

UBUNTU - USN-232-1

TURBO - TLSA-2006-38

REDHAT - RHSA-2005:838

REDHAT - RHSA-2005:831

OPENPKG - OpenPKG-SA-2005.027

SUSE - SUSE-SR:2005:027

MANDRIVA - MDKSA-2005:213

GENTOO - GLSA-200511-08

FEDORA - FLSA:166943

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm

SECTRACK - 1015130

SREASON - 133

SECUNIA - 22691

SECUNIA - 21252

SECUNIA - 18669

SECUNIA - 18198

SECUNIA - 17559

SECUNIA - 17557

SECUNIA - 17531

SECUNIA - 17510

SECUNIA - 17490

REDHAT - RHSA-2006:0549

HP - SSRT061238


Last Updated: 27 May 2016 11:02:28