CVE-2009-4142
Published: 2009-12-21
Priority: P4 · 26 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 6.50% (92.9th percentile)
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
Affected
87 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | <= 5.2.11 | — |
CVSS provenance
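| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_ubuntu | — | 6.4 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |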
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2010-01-13·CVSS 6.4
CVE-2009-2626 [MEDIUM] PHP vulnerabilities
Maksymilian Arciemowicz discovered that PHP did not properly handle the
ini_restore function. An attacker could exploit this issue to obtain
random memory contents or to cause the PHP server to crash, resulting in a
denial of service. (CVE-2009-2626)
It was discovered that the htmlspecialchars function did not properly
handle certain character sequences, which could result in browsers becoming
vulnerable to cross-site scripting attacks when processing the output. With
cross-site scripting vulnerabilities, if a user were tricked into viewing
server output during a crafted server request, a remote attacker could
exploit this to modify the contents, or steal confidential data (such as
passwords), within the same domain. (CVE-2009-4142)
Red Hat
php: htmlspecialchars() insufficient checking of input for multi-byte encodings
vendor_redhat·2009-10-06·CVSS 4.3
CVE-2009-4142 [MEDIUM] php: htmlspecialchars() insufficient checking of input for multi-byte encodings
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
GHSA
GHSA-q555-wmm9-43g3: The htmlspecialchars function in PHP before 5
ghsa_unreviewed·2022-05-02
CVE-2009-4142 [MEDIUM] CWE-79 GHSA-q555-wmm9-43g3: The htmlspecialchars function in PHP before 5
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
No detection rules found.
Exploit-DB
PHP 5.2.11 - 'htmlspecialCharacters()' Malformed Multibyte Character Cross-Site Scripting (2)
exploitdb·2009-12-17
CVE-2009-4142 PHP 5.2.11 - 'htmlspecialCharacters()' Malformed Multibyte Character Cross-Site Scripting (2)
---
source: https://www.securityfocus.com/bid/37389/info
PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
NOTE: In some configurations, attackers may exploit this issue to carry out HTML-injection attacks.
Versions prior to PHP 5.2.12 are vulnerable.
? "
Shift_JIS test Shift_JIS test
" title = "" href = " " > test href = ""> test
Exploit-DB
PHP 5.2.11 - 'htmlspecialCharacters()' Malformed Multibyte Character Cross-Site Scripting (1)
exploitdb·2009-12-17
CVE-2009-4142 PHP 5.2.11 - 'htmlspecialCharacters()' Malformed Multibyte Character Cross-Site Scripting (1)
---
source: https://www.securityfocus.com/bid/37389/info
PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
NOTE: In some configurations, attackers may exploit this issue to carry out HTML-injection attacks.
Versions prior to PHP 5.2.12 are vulnerable.
// overlong UTF-8 sequence
echo htmlspecialchars("A\xC0\xAF&", ENT_QUOTES, 'UTF-8');
// invalid Shift_JIS sequence
echo htmlspecialchars("B\x8
References
http://bugs.php.net/bug.php?id=49785
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://marc.info/?l=bugtraq&m=127680701405735&w=2
http://secunia.com/advisories/37821
http://secunia.com/advisories/38648
http://secunia.com/advisories/40262
http://securitytracker.com/id?1023372
http://support.apple.com/kb/HT4077
http://www.debian.org/security/2010/dsa-2001
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_2_12.php
http://www.securityfocus.com/bid/37389
http://www.vupen.com/english/advisories/2009/3593
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7085