Lucene search

K
redhatRedHatRHSA-2006:0731
HistoryNov 10, 2006 - 12:00 a.m.

(RHSA-2006:0731) Important: php security update

2006-11-1000:00:00
access.redhat.com
8

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.492 Medium

EPSS

Percentile

97.2%

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

The Hardened-PHP Project discovered an overflow in the PHP htmlentities()
and htmlspecialchars() routines. If a PHP script used the vulnerable
functions to parse UTF-8 data, a remote attacker sending a carefully
crafted request could trigger the overflow and potentially execute
arbitrary code as the ‘apache’ user. (CVE-2006-5465)

Users of PHP should upgrade to these updated packages which contain a
backported patch to correct this issue.

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.492 Medium

EPSS

Percentile

97.2%

Related for RHSA-2006:0731