CVE-2008-5814

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444

http://jvn.jp/en/jp/JVN50327700/index.html

http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html

http://marc.info/?l=bugtraq&m=124277349419254&w=2

http://secunia.com/advisories/34830

http://secunia.com/advisories/34933

http://secunia.com/advisories/35003

http://secunia.com/advisories/35007

http://secunia.com/advisories/35108

http://www.debian.org/security/2009/dsa-1789

http://www.redhat.com/support/errata/RHSA-2009-0350.html

http://www.ubuntu.com/usn/USN-761-2

http://www.vupen.com/english/advisories/2009/1338

https://exchange.xforce.ibmcloud.com/vulnerabilities/47496

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10501

https://usn.ubuntu.com/761-1/

Details

Source: MITRE

Published: 2009-01-02

Updated: 2018-10-30

Type: CWE-79

Risk Information

CVSS v2

Base Score: 2.6

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 4.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.4:patch1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*

cpe:2.3:a:php:php:4.0.7:rc4:*:*:*:*:*:*

cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*

cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.2.7 (inclusive)

Tenable Plugins

View all (17 total)

IDNameProductFamilySeverity
67818Oracle Linux 5 : php (ELSA-2009-0338)NessusOracle Linux Local Security Checks
critical
60561Scientific Linux Security Update : php on SL3.x, SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
49829SuSE 10 Security Update : PHP5 (ZYPP Patch Number 6847)NessusSuSE Local Security Checks
high
46015HP System Management Homepage < 6.0.0.96 / 6.0.0-95 Multiple VulnerabilitiesNessusWeb Servers
critical
44892GLSA-201001-03 : PHP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
44687SuSE 10 Security Update : PHP5 (ZYPP Patch Number 6846)NessusSuSE Local Security Checks
high
44686SuSE 11 Security Update : PHP5 (SAT Patch Number 1978)NessusSuSE Local Security Checks
high
44683openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-1993)NessusSuSE Local Security Checks
high
44680openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-1993)NessusSuSE Local Security Checks
high
44678openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-1993)NessusSuSE Local Security Checks
high
43732CentOS 5 : php (CESA-2009:0338)NessusCentOS Local Security Checks
critical
38832HP System Management Homepage < 3.0.1.73 Multiple FlawsNessusCGI abuses
medium
38691Debian DSA-1789-1 : php5 - several vulnerabilitiesNessusDebian Local Security Checks
critical
38194Ubuntu 9.04 : php5 vulnerabilities (USN-761-2)NessusUbuntu Local Security Checks
medium
37849Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : php5 vulnerabilities (USN-761-1)NessusUbuntu Local Security Checks
medium
36098RHEL 5 : php (RHSA-2009:0338)NessusRed Hat Local Security Checks
critical
35067PHP < 5.2.8 Multiple VulnerabilitiesNessusCGI abuses
high