[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250053

 
 

909

 
 

195940

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-5898Date: (C)2007-11-20   (M)2024-02-22


The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.4
Exploit Score: 10.0
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1018934
SECUNIA-27648
SECUNIA-27659
SECUNIA-27864
SECUNIA-28249
SECUNIA-28658
SECUNIA-30040
SECUNIA-30828
SECUNIA-31119
SECUNIA-31124
SECUNIA-31200
DSA-1444
FEDORA-2008-3864
MDVSA-2008:125
MDVSA-2008:126
MDVSA-2008:127
RHSA-2008:0505
RHSA-2008:0544
RHSA-2008:0545
RHSA-2008:0546
RHSA-2008:0582
SSRT080056
SUSE-SA:2008:004
USN-549-1
USN-549-2
USN-628-1
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242
http://www.php.net/ChangeLog-5.php#5.2.5
http://www.php.net/releases/5_2_5.php
https://issues.rpath.com/browse/RPL-1943
https://launchpad.net/bugs/173043
oval:org.mitre.oval:def:10080

CPE    1
cpe:/a:php:php
OVAL    3
oval:org.secpod.oval:def:301343
oval:org.secpod.oval:def:301251
oval:org.mitre.oval:def:7538

© SecPod Technologies