CVE-2006-0996
Published 2006-04-10
CVE-2006-0996: Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long…
Priority P420 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 10.81% (95.3th percentile)
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 4.3 · MEDIUM
vendor_ubuntu · 4.3 · MEDIUM
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2006-07-19·CVSS 4.3
CVE-2006-1494 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: PHP vulnerabilities
The phpinfo() PHP function did not properly sanitize long strings. A
remote attacker could use this to perform cross-site scripting attacks
against sites that have publicly-available PHP scripts that call
phpinfo(). Please note that it is not recommended to publicly expose
phpinfo(). (CVE-2006-0996)
An information disclosure has been reported in the
html_entity_decode() function. A script which uses this function to
process arbitrary user-supplied input could be exploited to expose a
random part of memory, which could potentially reveal sensitive data.
(CVE-2006-1490)
The wordwrap() function did not sufficiently check the validity of the
'break' argument. An attacker who could control the string passed to
the 'break' parameter cou
Red Hat
security flaw
vendor_redhat·2006-03-30·CVSS 4.3
CVE-2006-0996 [MEDIUM] security flaw
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.
GHSA
GHSA-h9v7-73gj-prww: Cross-site scripting (XSS) vulnerability in phpinfo (info
ghsa_unreviewed·2022-05-03
CVE-2006-0996 [MEDIUM] CWE-79 GHSA-h9v7-73gj-prww: Cross-site scripting (XSS) vulnerability in phpinfo (info
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.
No detection rules found.
Bugzilla
CVE-2006-0996 security flaw
bugzilla·2018-08-16·CVSS 4.3
CVE-2006-0996 [MEDIUM] CVE-2006-0996 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.
Bugzilla
CVE-2007-1285 "Month of PHP Bugs" security issues (CVE-2007-1286 CVE-2007-1583 CVE-2007-1711 CVE-2007-1718)
bugzilla·2007-03-01·CVSS 2.1
CVE-2007-1285 [LOW] CVE-2007-1285 "Month of PHP Bugs" security issues (CVE-2007-1286 CVE-2007-1583 CVE-2007-1711 CVE-2007-1718)
Description of problem:
This bug will be used to provide tracking information for the issues reported
during the "Month of PHP Bugs" initiative, http://www.php-security.org/
Discussion:
Introduction: The PHP interpreter does not offer a reliable
"sandboxed" security layer (as found in, say, a JVM) in which
untrusted scripts can be run; any script run by the PHP interpreter
must be trusted with the privileges of the interpreter itself. In
analysis of these issues, bugs which rely on an "untrusted local
attacker" will therefore not be classified as being
security-sensitive, since no trust boundary is crossed.
---
MOPB-01-2007 describes an issue in the PHP interpreter regarding the
Bugzilla
CVE-2005-3388 multiple PHP issues (CVE-2006-1990 CVE-2005-3389 CVE-2005-3390)
bugzilla·2006-06-19·CVSS 4.3
CVE-2005-3388 [MEDIUM] CVE-2005-3388 multiple PHP issues (CVE-2006-1990 CVE-2005-3389 CVE-2005-3390)
Several security issues were found in the PHP package in Stronghold 4.0:
The wordwrap() PHP function did not properly check for integer overflow in
the way the "break" parameter was handled. An attacker who could control a
string passed to the "break" parameter could cause a heap overflow.
(CVE-2006-1990)
The phpinfo() PHP function did not properly sanitize long strings. This
could allow an attacker to perform cross-site scripting attacks against
sites that had publicly-available PHP scripts that called phpinfo().
(CVE-2006-0996)
A flaw in the way PHP registered global variables during a file upload
request was discovered. A remote attacker could submit a carefully crafted
multipart/form-data POST request tha
Bugzilla
CVE-2006-0996 phpinfo() XSS issue
bugzilla·2006-05-05·CVSS 4.3
CVE-2006-0996 [MEDIUM] CVE-2006-0996 phpinfo() XSS issue
phpinfo() XSS issue
An XSS issue has been found in phpinfo(). The CVS commit information
is here:
http://marc.theaimsgroup.com/?l=php-cvs&m=114374620416389&w=2
There is more information here:
http://securityreason.com/achievement_securityalert/34
Discussion:
Verified in Stacks-LAMPV1-re20060524.1.
---
This issue was addressed in Red Hat Application Stack v1 before GA.
Bugzilla
CVE-2006-0996 phpinfo() XSS issue
bugzilla·2006-05-03·CVSS 4.3
CVE-2006-0996 [MEDIUM] CVE-2006-0996 phpinfo() XSS issue
+++ This bug was initially created as a clone of Bug #187510 +++
phpinfo() XSS issue
An XSS issue has been found in phpinfo(). The CVS commit information
is here:
http://marc.theaimsgroup.com/?l=php-cvs&m=114374620416389&w=2
-- Additional comment from [email protected] on 2006-04-10 09:50 EST --
There is more information here:
http://securityreason.com/achievement_securityalert/34
-- Additional comment from [email protected] on 2006-04-29 13:36 EST --
Patch php-4.3.9-CVE-2006-0996.patch is incorrect. There is no TSRMLS_CC in
zend_print_zval_ex().
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on t
Bugzilla
CVE-2006-0996 phpinfo() XSS issue
bugzilla·2006-03-31·CVSS 4.3
CVE-2006-0996 [MEDIUM] CVE-2006-0996 phpinfo() XSS issue
phpinfo() XSS issue
An XSS issue has been found in phpinfo(). The CVS commit information
is here:
http://marc.theaimsgroup.com/?l=php-cvs&m=114374620416389&w=2
This issue also affects RHEL3
This issue also affects RHEL2.1
Discussion:
There is more information here:
http://securityreason.com/achievement_securityalert/34
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0276.html
---
Patch php-4.3.9-CVE-2006-0996.patch is incor
Bugzilla
CVE-2006-0996 phpinfo() XSS issue
bugzilla·2006-03-31·CVSS 4.3
CVE-2006-0996 [MEDIUM] CVE-2006-0996 phpinfo() XSS issue
phpinfo() XSS issue
An XSS issue has been found in phpinfo(). The CVS commit information
is here:
http://marc.theaimsgroup.com/?l=php-cvs&m=114374620416389&w=2
Discussion:
There is more information here:
http://securityreason.com/achievement_securityalert/34
---
Fixed in FEDORA-2006-289.
Bugzilla
CVE-2002-2214 PHP segfault imap_fetch_overview() (CVE-2002-2215, CVE-2003-1302, CVE-2003-1303). Also - Multiple PHP vulnerabilities (CVE-2005-2933 CVE-2005-3883 CVE-2006-0208 CVE-2006-0996 CVE-2006-1
bugzilla·2005-12-05·CVSS 5.0
CVE-2002-2214 [MEDIUM] CVE-2002-2214 PHP segfault imap_fetch_overview() (CVE-2002-2215, CVE-2003-1302, CVE-2003-1303). Also - Multiple PHP vulnerabilities (CVE-2005-2933 CVE-2005-3883 CVE-2006-0208 CVE-2006-0996 CVE-2006-1
CVE-2002-2214 PHP segfault imap_fetch_overview() (CVE-2002-2215, CVE-2003-1302, CVE-2003-1303). Also - Multiple PHP vulnerabilities (CVE-2005-2933 CVE-2005-3883 CVE-2006-0208 CVE-2006-0996 CVE-2006-1490 CVE-2006-1990)
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20051012 Netscape/8.0.4
Description of problem:
If a mailbox contains a From: or To: header beginning with an overlong e-mail address, imap_fetch_overview() will segfault when processing that message.
This is one of several vulnerabilities where code in php_imap.c calls rfc822_write_address() to write an e-mail address to a buffer of fixed size without first checking that the e-mail address fits into the buffer.
http://bugs.php.net/bug.php?id=15595
http://bugs.php.net/bug.php
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261
http://marc.info/?l=php-cvs&m=114374620416389&w=2
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://rhn.redhat.com/errata/RHSA-2006-0549.html
http://secunia.com/advisories/19599
http://secunia.com/advisories/19775
http://secunia.com/advisories/19832
http://secunia.com/advisories/19979
http://secunia.com/advisories/20052
http://secunia.com/advisories/20210
http://secunia.com/advisories/20222
http://secunia.com/advisories/20951
http://secunia.com/advisories/21125
http://secunia.com/advisories/21252
http://secunia.com/advisories/21564
http://security.gentoo.org/glsa/glsa-200605-08.xml
http://securityreason.com/achievement_securityalert/34
http://securityreason.com/securityalert/675
http://securitytracker.com/id?1015879
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2006:074
http://www.novell.com/linux/security/advisories/05-05-2006.html
http://www.osvdb.org/24484
http://www.php.net/ChangeLog-4.php#4.4.3
http://www.redhat.com/support/errata/RHSA-2006-0501.html
http://www.securityfocus.com/bid/17362
http://www.ubuntu.com/usn/usn-320-1
http://www.vupen.com/english/advisories/2006/1290
http://www.vupen.com/english/advisories/2006/2685
https://exchange.xforce.ibmcloud.com/vulnerabilities/25702
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10997