CVE-2006-0208

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2006-0208
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.

2.6 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://www.php.net/release_5_1_2.php Patch
http://secunia.com/advisories/18431 Patch Vendor Advisory
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028
http://secunia.com/advisories/18697 Patch Vendor Advisory
http://www.securityfocus.com/bid/16803 Patch
http://secunia.com/advisories/19179 Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml Patch Vendor Advisory
http://secunia.com/advisories/19355 Patch Vendor Advisory
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
http://secunia.com/advisories/19012 Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://secunia.com/advisories/19832 Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0501.html Vendor Advisory
http://secunia.com/advisories/20222 Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
http://secunia.com/advisories/20951 Vendor Advisory
http://secunia.com/advisories/21252 Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
http://secunia.com/advisories/21564 Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2006-0549.html Vendor Advisory
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://secunia.com/advisories/20210 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:028
http://www.php.net/ChangeLog-4.php#4.4.2
http://www.vupen.com/english/advisories/2006/0369 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0177 Vendor Advisory
http://www.vupen.com/english/advisories/2006/2685 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064
https://usn.ubuntu.com/261-1/
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
Information

Published : 2006-01-13 15:03

Updated : 2018-10-30 09:25

NVD link : CVE-2006-0208

Mitre link : CVE-2006-0208

JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa
Products Affected

php

  • php