Lucene search

PRIOn knowledge basePRION:CVE-2006-0996

HistoryApr 10, 2006 - 6:06 p.m.

Cross site scripting

2006-04-1018:06:00

PRIOn knowledge base

www.prio-n.com

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.09 Low

EPSS

Percentile

94.4%

JSON

Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.

CPENameOperatorVersion
phpeq5.1.2
phpeq4.4.2

CPE	Name	Operator	Version
	php	eq	5.1.2
	php	eq	4.4.2

References

ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc

cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c

cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261

rhn.redhat.com/errata/RHSA-2006-0276.html

rhn.redhat.com/errata/RHSA-2006-0549.html

secunia.com/advisories/19599

secunia.com/advisories/19775

secunia.com/advisories/19832

secunia.com/advisories/19979

secunia.com/advisories/20052

secunia.com/advisories/20210

secunia.com/advisories/20222

secunia.com/advisories/20951

secunia.com/advisories/21125

secunia.com/advisories/21252

secunia.com/advisories/21564

security.gentoo.org/glsa/glsa-200605-08.xml

securityreason.com/achievement_securityalert/34

securityreason.com/securityalert/675

securitytracker.com/id?1015879

support.avaya.com/elmodocs2/security/ASA-2006-129.htm

support.avaya.com/elmodocs2/security/ASA-2006-160.htm

www.mandriva.com/security/advisories?name=MDKSA-2006:074

www.novell.com/linux/security/advisories/05-05-2006.html

www.osvdb.org/24484

www.php.net/ChangeLog-4.php

www.redhat.com/support/errata/RHSA-2006-0501.html

www.securityfocus.com/bid/17362

www.ubuntu.com/usn/usn-320-1

www.vupen.com/english/advisories/2006/1290

www.vupen.com/english/advisories/2006/2685

exchange.xforce.ibmcloud.com/vulnerabilities/25702

marc.info/?l=php-cvs&m=114374620416389&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10997

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.09 Low

EPSS

Percentile

94.4%

JSON

Related for PRION:CVE-2006-0996