Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2006-0996
Last Modified 07 Mar 2011 09:31:32
Published 10 Apr 2006 02:06:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0996

Summary

Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.

Vulnerable Systems

Application

  • PHP 4.4.2

  • PHP 5.1.2


References

MLIST - [php-cvs] 20060330 cvs: php-src /ext/standard info.c

CONFIRM - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261

XF - php-phpinfo-long-array-xss(25702)

VUPEN - ADV-2006-2685

VUPEN - ADV-2006-1290

UBUNTU - USN-320-1

BID - 17362

REDHAT - RHSA-2006:0501

CONFIRM - http://www.php.net/ChangeLog-4.php#4.4.3

OSVDB - 24484

SUSE - SUSE-SA:2006:024

MANDRIVA - MDKSA-2006:074

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm

SECTRACK - 1015879

SREASON - 675

SREASONRES - 20060408 phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2

GENTOO - GLSA-200605-08

SECUNIA - 21564

SECUNIA - 21252

SECUNIA - 21125

SECUNIA - 20951

SECUNIA - 20222

SECUNIA - 20210

SECUNIA - 20052

SECUNIA - 19979

SECUNIA - 19832

SECUNIA - 19775

SECUNIA - 19599

REDHAT - RHSA-2006:0549

REDHAT - RHSA-2006:0276

CONFIRM - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c

SGI - 20060501-01-U


Last Updated: 27 May 2016 10:41:52