CVE-2006-0996 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-0996
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-0996

Description: Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/25702 UBUNTU http://www.ubuntu.com/usn/usn-320-1 SUSE http://www.novell.com/linux/security/advisories/05-05-2006.html ST 1015879 SREASONRES http://securityreason.com/achievement_securityalert/34 SREASON http://securityreason.com/securityalert/675 SGI SAID Secunia Advisory: SA21125 Secunia Advisory: SA20210 Secunia Advisory: SA20052 Secunia Advisory: SA19979 Secunia Advisory: SA19775 Secunia Advisory: SA21564 Secunia Advisory: SA21252 Secunia Advisory: SA20951 Secunia Advisory: SA20222 Secunia Advisory: SA19832 Secunia Advisory: SA19599 REDHAT http://rhn.redhat.com/errata/RHSA-2006-0549.html http://www.redhat.com/support/errata/RHSA-2006-0501.html http://rhn.redhat.com/errata/RHSA-2006-0276.html OSVDB 24484 MLIST http://marc.theaimsgroup.com/?l=php-cvs&m=114374620416389&w=2 MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:074 GENTOO http://security.gentoo.org/glsa/glsa-200605-08.xml CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm http://www.php.net/ChangeLog-4.php#4.4.3 http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261 http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c BID 17362

Return to the previous page.