Lucene search

[email protected]CVE-2007-1287

HistoryMar 06, 2007 - 8:19 p.m.

CVE-2007-1287

2007-03-0620:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

375

cve-2007-1287

phpinfo function

php

cross-site scripting

xss

nvd

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.02 Low

EPSS

Percentile

88.7%

JSON

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.

CPENameOperatorVersion
php:phpphpeq4.4.4
php:phpphpeq6.0
php:phpphpeq4.4.5
php:phpphpeq4.4.6

CPE	Name	Operator	Version
php:php	php	eq	4.4.4
php:php	php	eq	6.0
php:php	php	eq	4.4.5
php:php	php	eq	4.4.6

References

docs.info.apple.com/article.html?artnum=306172

lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

secunia.com/advisories/26235

us2.php.net/releases/4_4_7.php

www.osvdb.org/32774

www.php-security.org/MOPB/MOPB-08-2007.html

www.securityfocus.com/bid/25159

www.vupen.com/english/advisories/2007/2732

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.02 Low

EPSS

Percentile

88.7%

JSON

Related for CVE-2007-1287

prion1 securityvulns2 ubuntucve2 redhatcve1 openvas5 cve1 nessus11 fedora1 centos3 redhat2 gentoo1 ubuntu1 seebug1