Launchpad.net

CVE 2006-0996

Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://cvs.php.net/vie...
BID: 17362
SECTRACK: 1015879
SECUNIA: 19599
REDHAT: RHSA-2006:0276
SECUNIA: 19832
REDHAT: RHSA-2006:0501
SECUNIA: 20222
SUSE: SUSE-SA:2006:024
GENTOO: GLSA-200605-08
CONFIRM: http://support.avaya.c...
SECUNIA: 20951
UBUNTU: USN-320-1
SECUNIA: 21252
CONFIRM: http://www.php.net/Cha...
OSVDB: 24484
CONFIRM: http://support.avaya.c...
SECUNIA: 21564
REDHAT: RHSA-2006:0549
SGI: 20060501-01-U
SECUNIA: 19775
SECUNIA: 19979
SECUNIA: 20052
SECUNIA: 20210
SECUNIA: 21125
SREASONRES: 20060408 phpinfo() Cro...
SREASON: 675
MANDRIVA: MDKSA-2006:074
VUPEN: ADV-2006-1290
VUPEN: ADV-2006-2685
MLIST: [php-cvs] 20060330 cvs...
CONFIRM: http://cvs.php.net/vie...
XF: php-phpinfo-long-array...
OVAL: oval:org.mitre.oval:de...

Launchpad.net

CVE 2006-0996

Related bugs

References