5
CVSSv2

CVE-2006-1490

Published: 29/03/2006 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

PHP prior to 5.1.3-RC1 might allow remote malicious users to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.

Vendor Advisories

Debian Bug report logs - #359904 [CVE-2006-1490] Binary safety issue in html_entity_decode() may leak information Package: php4; Maintainer for php4 is (unknown); Reported by: Moritz Naumann <info@moritz-naumanncom> Date: Wed, 29 Mar 2006 13:33:01 UTC Severity: grave Tags: patch, security Found in versions php4/4:442-1 ...
The phpinfo() PHP function did not properly sanitize long strings A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo() Please note that it is not recommended to publicly expose phpinfo() (CVE-2006-0996) ...

Exploits

source: wwwsecurityfocuscom/bid/17296/info PHP 'html_entity_decode()' function is prone to an information-disclosure vulnerability This issue arises when a script using the function accepts data from a remote untrusted source and returns the function's result to an attacker Information that the attacker gathers by exploiting this vuln ...

References

NVD-CWE-Otherftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.aschttp://bugs.gentoo.org/show_bug.cgi?id=127939http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=loghttp://docs.info.apple.com/article.html?artnum=304829http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.htmlhttp://rhn.redhat.com/errata/RHSA-2006-0276.htmlhttp://secunia.com/advisories/19383http://secunia.com/advisories/19499http://secunia.com/advisories/19570http://secunia.com/advisories/19832http://secunia.com/advisories/19979http://secunia.com/advisories/20052http://secunia.com/advisories/20210http://secunia.com/advisories/20951http://secunia.com/advisories/21125http://secunia.com/advisories/23155http://security.gentoo.org/glsa/glsa-200605-08.xmlhttp://support.avaya.com/elmodocs2/security/ASA-2006-129.htmhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:063http://www.novell.com/linux/security/advisories/05-05-2006.htmlhttp://www.securityfocus.com/archive/1/429162/100/0/threadedhttp://www.securityfocus.com/archive/1/429164/100/0/threadedhttp://www.securityfocus.com/bid/17296http://www.trustix.org/errata/2006/0020http://www.ubuntu.com/usn/usn-320-1http://www.us-cert.gov/cas/techalerts/TA06-333A.htmlhttp://www.vupen.com/english/advisories/2006/1149http://www.vupen.com/english/advisories/2006/2685http://www.vupen.com/english/advisories/2006/4750https://exchange.xforce.ibmcloud.com/vulnerabilities/25508https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11084https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2006-1490https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359904https://nvd.nist.govhttps://www.exploit-db.com/exploits/27508/https://usn.ubuntu.com/320-1/http://tools.cisco.com/security/center/viewAlert.x?alertId=10645