Vulnerability Name: | CVE-2006-0208 |
Assigned: | 2006-01-12 |
Published: | 2006-01-12 |
Updated: | 2018-10-30 |
Summary: | Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. |
CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) |
| Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): None; User Interaction (UI): None |
| Scope: | Scope (S): Unchanged |
| Impact Metrics: | Confidentiality (C): None; Integrity (I): Low; Availability (A): None |
CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N) |
| Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): High; Authentication (Au): None |
| Impact Metrics: | Confidentiality (C): None; Integrity (I): Partial; Availability (A): None |
| 2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N) |
| Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): High; Authentication (Au): None |
| Impact Metrics: | Confidentiality (C): None; Integrity (I): Partial; Availability (A): None |
Vulnerability Type: | CWE-79
|
References: | Source: SGI Type: UNKNOWN 20060501-01-U
Source: MITRE Type: CNA CVE-2006-0208
Source: SUSE Type: UNKNOWN SUSE-SR:2006:004
Source: REDHAT Type: UNKNOWN RHSA-2006:0276
Source: REDHAT Type: Vendor Advisory RHSA-2006:0549
Source: SECUNIA Type: Patch, Vendor Advisory 18431
Source: SECUNIA Type: Patch, Vendor Advisory 18697
Source: SECUNIA Type: Vendor Advisory 19012
Source: SECUNIA Type: Patch, Vendor Advisory 19179
Source: SECUNIA Type: Patch, Vendor Advisory 19355
Source: SECUNIA Type: Vendor Advisory 19832
Source: SECUNIA Type: Vendor Advisory 20210
Source: SECUNIA Type: Vendor Advisory 20222
Source: SECUNIA Type: Vendor Advisory 20951
Source: SECUNIA Type: Vendor Advisory 21252
Source: SECUNIA Type: Vendor Advisory 21564
Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
Source: GENTOO Type: Patch, Vendor Advisory GLSA-200603-22
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:028
Source: CONFIRM Type: UNKNOWN http://www.php.net/ChangeLog-4.php#4.4.2
Source: CONFIRM Type: Patch http://www.php.net/release_5_1_2.php
Source: REDHAT Type: Vendor Advisory RHSA-2006:0501
Source: BID Type: Patch 16803
Source: VUPEN Type: Vendor Advisory ADV-2006-0177
Source: VUPEN Type: Vendor Advisory ADV-2006-0369
Source: VUPEN Type: Vendor Advisory ADV-2006-2685
Source: MISC Type: UNKNOWN https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10064
Source: UBUNTU Type: UNKNOWN USN-261-1
|
Vulnerable Configuration: | Configuration 1:
cpe:/a:php:php:4.0:beta1:*:*:*:*:*:* OR
cpe:/a:php:php:4.0:beta2:*:*:*:*:*:* OR
cpe:/a:php:php:4.0:beta3:*:*:*:*:*:* OR
cpe:/a:php:php:4.0:beta4:*:*:*:*:*:* OR
cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:* OR
cpe:/a:php:php:4.0:rc1:*:*:*:*:*:* OR
cpe:/a:php:php:4.0:rc2:*:*:*:*:*:* OR
cpe:/a:php:php:4.0.0:*:*:*:*:*:*:* OR
cpe:/a:php:php:4.0.1:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.0.2:*:*:*:*:*:*:* OR
cpe:/a:php:php:4.0.3:*:*:*:*:*:*:* OR
cpe:/a:php:php:4.0.4:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.0.5:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.0.6:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.1.0:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.1.1:*:*:*:*:*:*:* OR
cpe:/a:php:php:4.1.2:*:*:*:*:*:*:* OR
cpe:/a:php:php:4.2.0:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.2.1:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.2.2:*:*:*:*:*:*:* OR
cpe:/a:php:php:4.2.3:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.3.0:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.3.1:*:*:*:*:*:*:* OR
cpe:/a:php:php:4.3.2:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.3.3:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.3.4:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.3.5:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.3.6:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.3.7:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.3.8:*:*:*:*:*:*:* OR
cpe:/a:php:php:4.3.9:*:*:*:*:*:*:* OR
cpe:/a:php:php:4.3.10:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.3.11:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.4.1:-:*:*:*:*:*:* OR
cpe:/a:php:php:4.4.2:-:*:*:*:*:*:* OR
cpe:/a:php:php:5.0.0:-:*:*:*:*:*:* OR
cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:* OR
cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:* OR
cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:* OR
cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:* OR
cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:* OR
cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:* OR
cpe:/a:php:php:5.0.1:-:*:*:*:*:*:* OR
cpe:/a:php:php:5.0.2:-:*:*:*:*:*:* OR
cpe:/a:php:php:5.0.3:-:*:*:*:*:*:* OR
cpe:/a:php:php:5.0.4:-:*:*:*:*:*:* OR
cpe:/a:php:php:5.0.5:-:*:*:*:*:*:* OR
cpe:/a:php:php:5.1.0:-:*:*:*:*:*:* OR
cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*
Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
Configuration RedHat 2: cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
Configuration RedHat 4: cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
Configuration RedHat 5: cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
Denotes that component is vulnerable |
Oval Definitions |
Definition ID | Class | Title | Last Modified |
---|---|---|---|
oval:org.opensuse.security:def:20060208 | V | CVE-2006-0208 | 2015-11-16 |
oval:org.mitre.oval:def:10064 | V | Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. | 2013-04-29 |
oval:com.redhat.rhsa:def:20060276 | P | RHSA-2006:0276: php security update (Moderate) | 2006-04-25 |