Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2006-0208 | First vendor Publication | 2006-01-13 |
Vendor | Cve | Last vendor Modification | 2018-10-30 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.6 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10064 | |||
Oval ID: | oval:org.mitre.oval:def:10064 | ||
Title: | Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-0208 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 5.1.2 File : nvt/nopsec_php_5_1_2.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015639.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200603-22 (php) File : nvt/glsa_200603_22.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
22480 | PHP Unspecified Error Condition XSS PHP contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the user-supplied input upon submission to the PHP 'Error Message' scripts. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-11-18 | Name : The remote web server uses a version of PHP that is affected by multiple cros... File : php_4_4_2.nasl - Type : ACT_GATHER_INFO |
2011-11-18 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_1_2.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0276.nasl - Type : ACT_GATHER_INFO |
2006-05-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0501.nasl - Type : ACT_GATHER_INFO |
2006-04-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0276.nasl - Type : ACT_GATHER_INFO |
2006-03-23 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200603-22.nasl - Type : ACT_GATHER_INFO |
2006-03-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-261-1.nasl - Type : ACT_GATHER_INFO |
2006-02-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-028.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 01:03:46 |
|
2024-02-01 12:01:50 |
|
2023-09-05 12:03:32 |
|
2023-09-05 01:01:41 |
|
2023-09-02 12:03:35 |
|
2023-09-02 01:01:42 |
|
2023-08-12 12:04:10 |
|
2023-08-12 01:01:42 |
|
2023-08-11 12:03:39 |
|
2023-08-11 01:01:44 |
|
2023-08-06 12:03:26 |
|
2023-08-06 01:01:43 |
|
2023-08-04 12:03:30 |
|
2023-08-04 01:01:44 |
|
2023-07-14 12:03:30 |
|
2023-07-14 01:01:44 |
|
2023-03-29 01:03:41 |
|
2023-03-28 12:01:48 |
|
2022-10-11 12:03:07 |
|
2022-10-11 01:01:35 |
|
2021-05-04 12:03:37 |
|
2021-04-22 01:04:07 |
|
2020-05-23 00:17:19 |
|
2019-06-08 12:01:37 |
|
2018-10-31 00:19:45 |
|
2018-10-04 00:19:26 |
|
2017-10-11 09:23:37 |
|
2016-06-28 15:34:30 |
|
2016-04-26 14:12:55 |
|
2014-02-17 10:34:19 |
|
2013-05-11 10:47:08 |
|