Executive Summary
Summary | |
---|---|
Title | PHP vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-261-1 | First vendor Publication | 2006-03-10 |
Vendor | Ubuntu | Last vendor Modification | 2006-03-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: libapache2-mod-php4 libapache2-mod-php5 The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.15 (libapache2-mod-php4 for Ubuntu 4.10), 4:4.3.10-10ubuntu4.4 (libapache2-mod-php4 for Ubuntu 5.04), or 5.0.5-2ubuntu1.2 (libapache2-mod-php5 for Ubuntu 5.10). After a standard system upgrade you need to restart Apache with sudo apache2ctl restart to effect the necessary changes. Details follow: Stefan Esser discovered that the 'session' module did not sufficiently verify the validity of the user-supplied session ID. A remote attacker could exploit this to insert arbitrary HTTP headers into the response sent by the PHP application, which could lead to HTTP Response Splitting (forging of arbitrary responses on behalf the PHP application) and Cross Site Scripting (XSS) (execution of arbitrary web script code in the client's browser) attacks. (CVE-2006-0207) PHP applications were also vulnerable to several Cross Site Scripting (XSS) flaws if the options 'display_errors' and 'html_errors' were enabled. Please note that enabling 'html_errors' is not recommended for production systems. (CVE-2006-0208) |
Original Source
Url : http://www.ubuntu.com/usn/USN-261-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
50 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10064 | |||
Oval ID: | oval:org.mitre.oval:def:10064 | ||
Title: | Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-0208 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-21 | Name : PHP version smaller than 5.1.2 File : nvt/nopsec_php_5_1_2.nasl |
2009-10-10 | Name : SLES9: Security update for PHP4 File : nvt/sles9p5015639.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200603-22 (php) File : nvt/glsa_200603_22.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1331-1 (php4) File : nvt/deb_1331_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
22480 | PHP Unspecified Error Condition XSS PHP contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the user-supplied input upon submission to the PHP 'Error Message' scripts. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
22478 | PHP Session Extension SessionID Set-Cookie Arbitrary Header Injection |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL13519.nasl - Type : ACT_GATHER_INFO |
2011-11-18 | Name : The remote web server uses a version of PHP that is affected by multiple cros... File : php_4_4_2.nasl - Type : ACT_GATHER_INFO |
2011-11-18 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_1_2.nasl - Type : ACT_GATHER_INFO |
2007-07-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1331.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0276.nasl - Type : ACT_GATHER_INFO |
2006-05-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0501.nasl - Type : ACT_GATHER_INFO |
2006-04-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0276.nasl - Type : ACT_GATHER_INFO |
2006-03-23 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200603-22.nasl - Type : ACT_GATHER_INFO |
2006-03-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-261-1.nasl - Type : ACT_GATHER_INFO |
2006-02-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-028.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:03:20 |
|