Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.6
CVSSv2

CVE-2006-0208

Published: 13/01/2006 Updated: 30/10/2018
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Subscribe to Php

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote malicious users to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.

Vulnerable Product Search on Vulmon Subscribe to Product

php php 4.0.5

php php 4.0.6

php php 4.0

php php 4.1.0

php php 4.3.0

php php 4.3.1

php php 4.3.10

php php 4.3.7

php php 4.3.8

php php 5.0.0

php php 5.1.0

php php 5.1.1

php php 4.0.0

php php 4.1.1

php php 4.1.2

php php 4.3.11

php php 4.3.2

php php 4.3.9

php php 4.4.1

php php 4.0.1

php php 4.0.2

php php 4.2.0

php php 4.2.1

php php 4.3.3

php php 4.3.4

php php 4.4.2

php php 5.0.1

php php 5.0.2

php php 4.0.3

php php 4.0.4

php php 4.2.2

php php 4.2.3

php php 4.3.5

php php 4.3.6

php php 5.0.3

php php 5.0.4

php php 5.0.5

Vendor Advisories

Ubuntu Security Notice: php4, php5 vulnerabilities
Stefan Esser discovered that the ‘session’ module did not sufficiently verify the validity of the user-supplied session ID A remote attacker could exploit this to insert arbitrary HTTP headers into the response sent by the PHP application, which could lead to HTTP Response Splitting (forging of arbitrary responses on behalf the PHP application ...
Debian CVElist Bug Report Logs: PHP4 in Sarge may be vulnerable to CVE-2006-0208
Debian Bug report logs - #354682 PHP4 in Sarge may be vulnerable to CVE-2006-0208 Package: php4; Maintainer for php4 is (unknown); Reported by: "Nick Jenkins" <nickpj@gmailcom> Date: Tue, 28 Feb 2006 04:48:16 UTC Severity: normal Tags: security Found in version php4/4:4310-16 Fixed in version php4/4:441 Done: Steve ...
Debian CVElist Bug Report Logs: CVE-2008-5814: XSS vulnerability in PHP <= 5.2.7
Debian Bug report logs - #523028 CVE-2008-5814: XSS vulnerability in PHP &lt;= 527 Package: php5; Maintainer for php5 is Debian PHP Maintainers &lt;pkg-php-maint@listsaliothdebianorg&gt;; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: "Michael S Gilbert" &lt;michaelsgilbert@gmailcom&gt; Date: Tue, 7 Apr ...
Debian CVElist Bug Report Logs: PHP 4.4.1 fixes security bugs
Debian Bug report logs - #336645 PHP 441 fixes security bugs Package: php4; Maintainer for php4 is (unknown); Reported by: Florian Weimer &lt;fw@denebenyode&gt; Date: Mon, 31 Oct 2005 19:48:02 UTC Severity: grave Tags: security Found in version php4/4:4310-16 Fixed in version php4/4:442-1 Done: Adam Conrad &lt;adconrad ...
Debian CVElist Bug Report Logs: php5: Two security problems in PHP5
Debian Bug report logs - #347894 php5: Two security problems in PHP5 Package: php5; Maintainer for php5 is Debian PHP Maintainers &lt;pkg-php-maint@listsaliothdebianorg&gt;; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff &lt;jmm@inutilorg&gt; Date: Fri, 13 Jan 2006 11:33:02 UTC Severity: g ...
Debian CVElist Bug Report Logs: CVE-2005-3319: mod_php DoS through session.save_path option
Debian Bug report logs - #336004 CVE-2005-3319: mod_php DoS through sessionsave_path option Package: php4; Maintainer for php4 is (unknown); Reported by: Moritz Muehlenhoff &lt;jmm@inutilorg&gt; Date: Thu, 27 Oct 2005 10:48:02 UTC Severity: important Tags: security Found in version php4/4:440-4 Fixed in version php4/4:442 ...
Debian CVElist Bug Report Logs: CVE-2009-0754: mbstring.func_overload setting leakage across vhosts
Debian Bug report logs - #523049 CVE-2009-0754: mbstringfunc_overload setting leakage across vhosts Package: php5; Maintainer for php5 is Debian PHP Maintainers &lt;pkg-php-maint@listsaliothdebianorg&gt;; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: "Michael S Gilbert" &lt;michaelsgilbert@gmailcom&gt; D ...

References

CWE-79http://www.php.net/release_5_1_2.phphttp://secunia.com/advisories/18431https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028http://secunia.com/advisories/18697http://www.securityfocus.com/bid/16803http://secunia.com/advisories/19179http://www.gentoo.org/security/en/glsa/glsa-200603-22.xmlhttp://secunia.com/advisories/19355http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.htmlhttp://secunia.com/advisories/19012http://rhn.redhat.com/errata/RHSA-2006-0276.htmlhttp://secunia.com/advisories/19832http://www.redhat.com/support/errata/RHSA-2006-0501.htmlhttp://secunia.com/advisories/20222http://support.avaya.com/elmodocs2/security/ASA-2006-129.htmhttp://secunia.com/advisories/20951http://secunia.com/advisories/21252http://support.avaya.com/elmodocs2/security/ASA-2006-160.htmhttp://secunia.com/advisories/21564http://rhn.redhat.com/errata/RHSA-2006-0549.htmlftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.aschttp://secunia.com/advisories/20210http://www.mandriva.com/security/advisories?name=MDKSA-2006:028http://www.php.net/ChangeLog-4.php#4.4.2http://www.vupen.com/english/advisories/2006/0369http://www.vupen.com/english/advisories/2006/0177http://www.vupen.com/english/advisories/2006/2685https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064https://usn.ubuntu.com/261-1/https://usn.ubuntu.com/261-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook