Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-5016
HistoryNov 12, 2010 - 12:00 a.m.

CVE-2009-5016

2010-11-1200:00:00
ubuntu.com
ubuntu.com
7

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.7%

Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP
before 5.2.11 makes it easier for remote attackers to bypass cross-site
scripting (XSS) and SQL injection protection mechanisms via a crafted
string that uses overlong UTF-8 encoding, a different vulnerability than
CVE-2010-3870.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchphp5< 5.1.2-1ubuntu3.20UNKNOWN
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.13UNKNOWN
ubuntu9.10noarchphp5< 5.2.10.dfsg.1-2ubuntu6.6UNKNOWN

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.7%