Lucene search

[email protected]NVD:CVE-2006-3017

HistoryJun 14, 2006 - 11:02 p.m.

CVE-2006-3017

2006-06-1423:02:00

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6 Medium

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

JSON

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable’s value to be used in security-relevant operations.

Affected configurations

NVD

Node

phpphpRange≤4.4.2

phpphpMatch3.0

phpphpMatch3.0.1

phpphpMatch3.0.2

phpphpMatch3.0.3

phpphpMatch3.0.4

phpphpMatch3.0.5

phpphpMatch3.0.6

phpphpMatch3.0.7

phpphpMatch3.0.8

phpphpMatch3.0.9

phpphpMatch3.0.10

phpphpMatch3.0.11

phpphpMatch3.0.12

phpphpMatch3.0.13

phpphpMatch3.0.14

phpphpMatch3.0.15

phpphpMatch3.0.16

phpphpMatch3.0.17

phpphpMatch3.0.18

phpphpMatch4.0

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0rc1

phpphpMatch4.0rc2

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.1patch1

phpphpMatch4.0.1patch2

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.3patch1

phpphpMatch4.0.4

phpphpMatch4.0.4patch1

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.0.7rc1

phpphpMatch4.0.7rc2

phpphpMatch4.0.7rc3

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2dev

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch5.0rc1

phpphpMatch5.0rc2

phpphpMatch5.0rc3

phpphpMatch5.0.0

phpphpMatch5.0.0beta1

phpphpMatch5.0.0beta2

phpphpMatch5.0.0beta3

phpphpMatch5.0.0beta4

phpphpMatch5.0.0rc1

phpphpMatch5.0.0rc2

phpphpMatch5.0.0rc3

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatchpl1

References

ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U

archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html

cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2

cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log

rhn.redhat.com/errata/RHSA-2006-0549.html

secunia.com/advisories/19927

secunia.com/advisories/21031

secunia.com/advisories/21050

secunia.com/advisories/21125

secunia.com/advisories/21135

secunia.com/advisories/21202

secunia.com/advisories/21252

secunia.com/advisories/21723

secunia.com/advisories/22225

secunia.com/advisories/22713

securitytracker.com/id?1016306

securitytracker.com/id?1016649

support.avaya.com/elmodocs2/security/ASA-2006-175.htm

www.debian.org/security/2006/dsa-1206

www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html

www.mandriva.com/security/advisories?name=MDKSA-2006:122

www.novell.com/linux/security/advisories/2006_31_php.html

www.novell.com/linux/security/advisories/2006_34_php4.html

www.osvdb.org/25255

www.osvdb.org/26466

www.php.net/release_5_1_3.php

www.redhat.com/support/errata/RHSA-2006-0567.html

www.redhat.com/support/errata/RHSA-2006-0568.html

www.securityfocus.com/archive/1/442437/100/0/threaded

www.securityfocus.com/archive/1/447866/100/0/threaded

www.securityfocus.com/bid/17843

www.turbolinux.com/security/2006/TLSA-2006-38.txt

exchange.xforce.ibmcloud.com/vulnerabilities/27396

issues.rpath.com/browse/RPL-683

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10118

usn.ubuntu.com/320-1/

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6 Medium

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

JSON

Related for NVD:CVE-2006-3017

nessus9 ubuntucve4 cve14 cvelist13 nvd13 suse2 prion4 debiancve2 redhat2 centos2 openvas3 debian1 osv1 ubuntu1