2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
php is vulnerable to cross-site scripting. A cross-site scripting flaw was found in a way PHP reported errors for invalid cookies. If the PHP interpreter had “display_errors” enabled, a remote attacker able to set a specially-crafted cookie on a victim’s system could possibly inject arbitrary HTML into an error message generated by PHP.
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
jvn.jp/en/jp/JVN50327700/index.html
jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html
marc.info/?l=bugtraq&m=124277349419254&w=2
secunia.com/advisories/34830
secunia.com/advisories/34933
secunia.com/advisories/35003
secunia.com/advisories/35007
secunia.com/advisories/35108
www.debian.org/security/2009/dsa-1789
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2009-0350.html
www.ubuntu.com/usn/USN-761-2
www.vupen.com/english/advisories/2009/1338
access.redhat.com/errata/RHSA-2009:0350
exchange.xforce.ibmcloud.com/vulnerabilities/47496
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10501
usn.ubuntu.com/761-1/