
CVE-2006-1991

Published: 24/04/2006 | Updated: 20/07/2017
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

The substr_compare function in string.c in PHP 5.1.2 allows context-dependent malicious users to cause a denial of service (memory access violation) via an out-of-bounds offset argument.

Vulnerable Product

php php 5.1.2

Vendor Advisories

The phpinfo() PHP function did not properly sanitize long strings. A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo(). Please note that it is not recommended to publicly expose phpinfo(). (CVE-2006-0996) ...

Debian Bug report logs - #365311: CVE-2006-1990/CVE-2006-1991: Security vulnerabilities in php. Package: php4; Maintainer for php4 is (unknown); Reported by: Stefan Fritsch <sf@sfritschde>; Date: Sat, 29 Apr 2006 06:48:02 UTC; Severity: grave; Tags: security; Found in version php4/4:442-1; Fixed in version php4/4:442-11 D ...

Debian Bug report logs - #365312: CVE-2006-1990/CVE-2006-1991: Security vulnerabilities in php. Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@listsaliothdebianorg>; Source for php5 is src:php5; Reported by: Stefan Fritsch <sf@sfritschde>; Date: Sat, 29 Apr 2006 06:4 ...