Vulnerability Name:
CVE-2006-4485 (CCN-32948)
Assigned:
2006-08-17
Published:
2006-08-17
Updated:
2018-10-30
Summary:
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read.
CVSS v3 Severity:
5.6 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availibility (A):
Low
CVSS v2 Severity:
10.0 High
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
)
7.4 High
(Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
5.1 Medium
(CCN CVSS v2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
)
3.8 Low
(CCN Temporal CVSS v2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
High
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Other
References:
Source: MITRE
Type: CNA
CVE-2006-4485
Source: CCN
Type: RHSA-2006-0688
php security update
Source: REDHAT
Type: UNKNOWN
RHSA-2006:0688
Source: CCN
Type: SA21546
PHP Multiple Vulnerabilities
Source: SECUNIA
Type: Patch, Vendor Advisory
21546
Source: SECUNIA
Type: UNKNOWN
21842
Source: SECUNIA
Type: UNKNOWN
22331
Source: CCN
Type: SA22538
Avaya Products PHP Multiple Vulnerabilites
Source: SECUNIA
Type: UNKNOWN
22538
Source: CCN
Type: SECTRACK ID: 1016984
PHP Heap Overflows and Other Bugs Let Users Execute Arbitrary Code or Cause Denial of Service Conditions
Source: SECTRACK
Type: UNKNOWN
1016984
Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm
Source: CCN
Type: ASA-2006-223
php security update (RHSA-2006-0688)
Source: CCN
Type: The PHP Group Web site
PHP 5.1.5 Release Announcement
Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:162
Source: CONFIRM
Type: Patch
http://www.php.net/release_5_1_5.php
Source: BID
Type: UNKNOWN
19582
Source: CCN
Type: BID-19582
PHP Multiple Input Validation Vulnerabilities
Source: CCN
Type: USN-362-1
PHP vulnerabilities
Source: UBUNTU
Type: UNKNOWN
USN-362-1
Source: VUPEN
Type: UNKNOWN
ADV-2006-3318
Source: XF
Type: UNKNOWN
php-stripos-unspecified(32948)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*
OR
cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*
OR
cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*
OR
cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*
OR
cpe:/a:php:php:5.1.3:*:*:*:*:*:*:*
AND
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
OR
cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
OR
cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
OR
cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
OR
cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
OR
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
Denotes that component is vulnerable
BACK
php
php 5.1.0
php
php 5.1.1
php
php 5.1.2
php
php 5.1.4
php
php 5.0.3
php
php 5.0.4
php
php 5.0.0
php
php 5.0.5
php
php 5.1.1
php
php 5.1.2
php
php 5.1.4
php
php 5.0.2
php
php 5.0.0 beta1
php
php 5.0.0 beta2
php
php 5.0.0 beta3
php
php 5.0.0 beta4
php
php 5.0.0 rc1
php
php 5.0.0 rc2
php
php 5.0.0 rc3
php
php 5.0.1
php
php 5.1.0
php
php 5.1.3
mandrakesoft
mandrake linux corporate server 3.0
mandrakesoft
mandrake multi network firewall 2.0
mandrakesoft
mandrake linux 2006
canonical
ubuntu 6.06
mandrakesoft
mandrake linux 2006
mandrakesoft
mandrake linux corporate server 3.0