Lucene search

K

[email protected]CVE-2005-3388

HistoryNov 01, 2005 - 12:47 p.m.

CVE-2005-3388

2005-11-0112:47:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

82

cve

php

xss

vulnerability

web security

remote attack

nvd

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.826 High

EPSS

Percentile

98.4%

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a “stacked array assignment.”

CPENameOperatorVersion
php:phpphpeq4.3.9
php:phpphpeq4.2.0
php:phpphpeq5.0.0
php:phpphpeq4.1.0
php:phpphpeq4.3.4
php:phpphpeq4.0.4
php:phpphpeq4.3.0
php:phpphpeq4.0.5
php:phpphpeq5.0.5
php:phpphpeq4.3.6

Rows per page:

1-10 of 351

References

itrc.hp.com/service/cki/docDisplay.do?docId=c00786522

rhn.redhat.com/errata/RHSA-2006-0549.html

secunia.com/advisories/17371

secunia.com/advisories/17490

secunia.com/advisories/17510

secunia.com/advisories/17531

secunia.com/advisories/17557

secunia.com/advisories/17559

secunia.com/advisories/18198

secunia.com/advisories/18669

secunia.com/advisories/21252

secunia.com/advisories/22691

securityreason.com/securityalert/133

securitytracker.com/id?1015130

support.avaya.com/elmodocs2/security/ASA-2006-037.htm

www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html

www.gentoo.org/security/en/glsa/glsa-200511-08.xml

www.hardened-php.net/advisory_182005.77.html

www.mandriva.com/security/advisories?name=MDKSA-2005:213

www.novell.com/linux/security/advisories/2005_27_sr.html

www.openpkg.org/security/OpenPKG-SA-2005.027-php.html

www.php.net/release_4_4_1.php

www.redhat.com/support/errata/RHSA-2005-831.html

www.redhat.com/support/errata/RHSA-2005-838.html

www.securityfocus.com/archive/1/415292

www.securityfocus.com/bid/15248

www.turbolinux.com/security/2006/TLSA-2006-38.txt

www.vupen.com/english/advisories/2005/2254

www.vupen.com/english/advisories/2006/4320

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIRZJHM6UDNWNHZ3PCMEZ2YUK3CWY2UE/

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10542

www.ubuntu.com/usn/usn-232-1/

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.826 High

EPSS

Percentile

98.4%

Related for CVE-2005-3388

fedora1 openvas5 ubuntucve2 nessus10 prion1 securityvulns2 cve1 redhat2 centos3 gentoo1 ubuntu1