oval:org.mitre.oval:def:7085
| Definition Id: oval:org.mitre.oval:def:7085 | |||
| Oval ID: | oval:org.mitre.oval:def:7085 | ||
| Title: | HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS) | ||
| Description: | The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4142 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
