PHP Unspecified Error Condition XSS

2006-01-13T08:47:27
ID OSVDB:22480
Type osvdb
Reporter OSVDB
Modified 2006-01-13T08:47:27

Description

Technical Description

This vulnerability is only present when the display_errors and html_errors PHP options are 'on'.

Solution Description

Upgrade to version 5.1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.php.net/ Vendor Specific News/Changelog Entry: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028 Vendor Specific News/Changelog Entry: http://www.php.net/release_5_1_2.php Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:19355 Secunia Advisory ID:19832 Secunia Advisory ID:20222 Secunia Advisory ID:18697 Secunia Advisory ID:19179 Secunia Advisory ID:20210 Secunia Advisory ID:18431 Secunia Advisory ID:20951 Secunia Advisory ID:21252 Secunia Advisory ID:19012 Secunia Advisory ID:21564 Related OSVDB ID: 22479 Related OSVDB ID: 22478 RedHat RHSA: RHSA-2006:0276 RedHat RHSA: RHSA-2006:0549 RedHat RHSA: RHSA-2006:0501 Other Advisory URL: http://www.ubuntu.com/usn/usn-261-1 FrSIRT Advisory: ADV-2006-0177 CVE-2006-0208