CVE-2006-1490
Date: (C)2006-03-29   (M)2023-12-22


PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-17296
SECUNIA-19383
SECUNIA-19499
SECUNIA-19570
SECUNIA-19832
SECUNIA-19979
SECUNIA-20052
2006-0020
http://www.securityfocus.com/archive/1/429164/100/0/threaded
http://www.securityfocus.com/archive/1/429162/100/0/threaded
20060501-01-U
SECUNIA-20210
SECUNIA-20951
SECUNIA-21125
SECUNIA-23155
ADV-2006-1149
ADV-2006-2685
ADV-2006-4750
APPLE-SA-2006-11-28
GLSA-200605-08
MDKSA-2006:063
RHSA-2006:0276
SUSE-SA:2006:024
TA06-333A
USN-320-1
http://bugs.gentoo.org/show_bug.cgi?id=127939
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log
http://docs.info.apple.com/article.html?artnum=304829
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
oval:org.mitre.oval:def:11084
php-htmlentitydecode-information-disclosure(25508)

CPE    65
cpe:/a:php:php:5.0.0:rc3
cpe:/a:php:php:3.0
cpe:/a:php:php:5.0.0:rc2
cpe:/a:php:php:5.0.0:rc1
...

© SecPod Technologies