CVE-2006-0208

low

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.

References

ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc

http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html

http://rhn.redhat.com/errata/RHSA-2006-0276.html

http://rhn.redhat.com/errata/RHSA-2006-0549.html

http://secunia.com/advisories/18431

http://secunia.com/advisories/18697

http://secunia.com/advisories/19012

http://secunia.com/advisories/19179

http://secunia.com/advisories/19355

http://secunia.com/advisories/19832

http://secunia.com/advisories/20210

http://secunia.com/advisories/20222

http://secunia.com/advisories/20951

http://secunia.com/advisories/21252

http://secunia.com/advisories/21564

http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm

http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2006:028

http://www.php.net/ChangeLog-4.php#4.4.2

http://www.php.net/release_5_1_2.php

http://www.redhat.com/support/errata/RHSA-2006-0501.html

http://www.securityfocus.com/bid/16803

http://www.vupen.com/english/advisories/2006/0177

http://www.vupen.com/english/advisories/2006/0369

http://www.vupen.com/english/advisories/2006/2685

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064

https://usn.ubuntu.com/261-1/

Details

Source: MITRE

Published: 2006-01-13

Updated: 2018-10-30

Type: CWE-79

Risk Information

CVSS v2

Base Score: 2.6

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 4.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 17712 | PHP 5.1.x < 5.1.2 Multiple Vulnerabilities | Nessus | CGI abuses | high |
| 17709 | PHP < 4.4.2 Multiple XSS Vulnerabilities | Nessus | CGI abuses : XSS | low |
| 21897 | CentOS 3 / 4 : php (CESA-2006:0276) | Nessus | CentOS Local Security Checks | high |
| 21594 | RHEL 2.1 : php (RHSA-2006:0501) | Nessus | Red Hat Local Security Checks | high |
| 21287 | RHEL 3 / 4 : php (RHSA-2006:0276) | Nessus | Red Hat Local Security Checks | high |
| 21129 | GLSA-200603-22 : PHP: Format string and XSS vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 21068 | Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-261-1) | Nessus | Ubuntu Local Security Checks | medium |
| 20849 | Mandrake Linux Security Advisory : php (MDKSA-2006:028) | Nessus | Mandriva Local Security Checks | medium |
| 3251 | UW-IMAP Quote String Buffer Overflow | Nessus Network Monitor | IMAP Servers | medium |