6.3 Medium
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.247 Low
EPSS
Percentile
96.6%
The phpinfo() PHP function did not properly sanitize long strings. A
remote attacker could use this to perform cross-site scripting attacks
against sites that have publicly-available PHP scripts that call
phpinfo(). Please note that it is not recommended to publicly expose
phpinfo(). (CVE-2006-0996)
An information disclosure has been reported in the
html_entity_decode() function. A script which uses this function to
process arbitrary user-supplied input could be exploited to expose a
random part of memory, which could potentially reveal sensitive data.
(CVE-2006-1490)
The wordwrap() function did not sufficiently check the validity of the
โbreakโ argument. An attacker who could control the string passed to
the โbreakโ parameter could cause a heap overflow; however, this
should not happen in practical applications. (CVE-2006-1990)
The substr_compare() function did not sufficiently check the validity
of the โoffsetโ argument. A script which passes untrusted user-defined
values to this parameter could be exploited to crash the PHP
interpreter. (CVE-2006-1991)
In certain situations, using unset() to delete a hash entry could
cause the deletion of the wrong element, which would leave the
specified variable defined. This could potentially cause information
disclosure in security-relevant operations. (CVE-2006-3017)
In certain situations the session module attempted to close a data
file twice, which led to memory corruption. This could potentially be
exploited to crash the PHP interpreter, though that could not be
verified. (CVE-2006-3018)
This update also fixes various bugs which allowed local scripts
to bypass open_basedir and โsafe modeโ restrictions by passing special
arguments to tempnam() (CVE-2006-1494, CVE-2006-2660), copy()
(CVE-2006-1608), the curl module (CVE-2006-2563), or error_log()
(CVE-2006-3011).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 6.06 | noarch | php5-cli | <ย 5.1.2-1ubuntu3.1 | UNKNOWN |
Ubuntu | 6.06 | noarch | php5-cgi | <ย 5.1.2-1ubuntu3.1 | UNKNOWN |
Ubuntu | 6.06 | noarch | libapache2-mod-php5 | <ย 5.1.2-1ubuntu3.1 | UNKNOWN |
Ubuntu | 6.06 | noarch | php5-curl | <ย 5.1.2-1ubuntu3.1 | UNKNOWN |
Ubuntu | 5.10 | noarch | php5-cli | <ย 5.0.5-2ubuntu1.3 | UNKNOWN |
Ubuntu | 5.10 | noarch | php5-cgi | <ย 5.0.5-2ubuntu1.3 | UNKNOWN |
Ubuntu | 5.10 | noarch | libapache2-mod-php5 | <ย 5.0.5-2ubuntu1.3 | UNKNOWN |
Ubuntu | 5.10 | noarch | php5-curl | <ย 5.0.5-2ubuntu1.3 | UNKNOWN |
Ubuntu | 5.04 | noarch | libapache2-mod-php4 | <ย 4:4.3.10-10ubuntu4.5 | UNKNOWN |
Ubuntu | 5.04 | noarch | php4-cgi | <ย 4:4.3.10-10ubuntu4.5 | UNKNOWN |
ubuntu.com/security/CVE-2006-0996
ubuntu.com/security/CVE-2006-1490
ubuntu.com/security/CVE-2006-1494
ubuntu.com/security/CVE-2006-1608
ubuntu.com/security/CVE-2006-1990
ubuntu.com/security/CVE-2006-1991
ubuntu.com/security/CVE-2006-2563
ubuntu.com/security/CVE-2006-2660
ubuntu.com/security/CVE-2006-3011
ubuntu.com/security/CVE-2006-3016
ubuntu.com/security/CVE-2006-3018