
CVE-2006-0996
Date: (C)2006-04-10   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1015879
BID-17362
SECUNIA-19599
SECUNIA-19775
SECUNIA-19832
SECUNIA-19979
SECUNIA-20052
http://securityreason.com/achievement_securityalert/34
20060501-01-U
SECUNIA-20210
SECUNIA-20222
SECUNIA-20951
SECUNIA-21125
SECUNIA-21252
SECUNIA-21564
OSVDB-24484
SREASON-675
ADV-2006-1290
ADV-2006-2685
GLSA-200605-08
MDKSA-2006:074
RHSA-2006:0276
RHSA-2006:0501
RHSA-2006:0549
SUSE-SA:2006:024
USN-320-1
http://marc.info/?l=php-cvs&m=114374620416389&w=2
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
http://www.php.net/ChangeLog-4.php#4.4.3
oval:org.mitre.oval:def:10997
php-phpinfo-long-array-xss(25702)

CPE    2
cpe:/a:php:php:4.4.2
cpe:/a:php:php:5.1.2
CWE    1
CWE-79

© SecPod Technologies