CVE-2006-0208

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.
References
Link Resource
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://rhn.redhat.com/errata/RHSA-2006-0549.html Vendor Advisory
http://secunia.com/advisories/18431 Patch Vendor Advisory
http://secunia.com/advisories/18697 Patch Vendor Advisory
http://secunia.com/advisories/19012 Vendor Advisory
http://secunia.com/advisories/19179 Patch Vendor Advisory
http://secunia.com/advisories/19355 Patch Vendor Advisory
http://secunia.com/advisories/19832 Vendor Advisory
http://secunia.com/advisories/20210 Vendor Advisory
http://secunia.com/advisories/20222 Vendor Advisory
http://secunia.com/advisories/20951 Vendor Advisory
http://secunia.com/advisories/21252 Vendor Advisory
http://secunia.com/advisories/21564 Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:028
http://www.php.net/ChangeLog-4.php#4.4.2
http://www.php.net/release_5_1_2.php Patch
http://www.redhat.com/support/errata/RHSA-2006-0501.html Vendor Advisory
http://www.securityfocus.com/bid/16803 Patch
http://www.vupen.com/english/advisories/2006/0177 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0369 Vendor Advisory
http://www.vupen.com/english/advisories/2006/2685 Vendor Advisory
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064
https://usn.ubuntu.com/261-1/
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://rhn.redhat.com/errata/RHSA-2006-0549.html Vendor Advisory
http://secunia.com/advisories/18431 Patch Vendor Advisory
http://secunia.com/advisories/18697 Patch Vendor Advisory
http://secunia.com/advisories/19012 Vendor Advisory
http://secunia.com/advisories/19179 Patch Vendor Advisory
http://secunia.com/advisories/19355 Patch Vendor Advisory
http://secunia.com/advisories/19832 Vendor Advisory
http://secunia.com/advisories/20210 Vendor Advisory
http://secunia.com/advisories/20222 Vendor Advisory
http://secunia.com/advisories/20951 Vendor Advisory
http://secunia.com/advisories/21252 Vendor Advisory
http://secunia.com/advisories/21564 Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:028
http://www.php.net/ChangeLog-4.php#4.4.2
http://www.php.net/release_5_1_2.php Patch
http://www.redhat.com/support/errata/RHSA-2006-0501.html Vendor Advisory
http://www.securityfocus.com/bid/16803 Patch
http://www.vupen.com/english/advisories/2006/0177 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0369 Vendor Advisory
http://www.vupen.com/english/advisories/2006/2685 Vendor Advisory
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064
https://usn.ubuntu.com/261-1/
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:05

Type Values Removed Values Added
References () ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc - () ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc -
References () http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html - () http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html -
References () http://rhn.redhat.com/errata/RHSA-2006-0276.html - () http://rhn.redhat.com/errata/RHSA-2006-0276.html -
References () http://rhn.redhat.com/errata/RHSA-2006-0549.html - Vendor Advisory () http://rhn.redhat.com/errata/RHSA-2006-0549.html - Vendor Advisory
References () http://secunia.com/advisories/18431 - Patch, Vendor Advisory () http://secunia.com/advisories/18431 - Patch, Vendor Advisory
References () http://secunia.com/advisories/18697 - Patch, Vendor Advisory () http://secunia.com/advisories/18697 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19012 - Vendor Advisory () http://secunia.com/advisories/19012 - Vendor Advisory
References () http://secunia.com/advisories/19179 - Patch, Vendor Advisory () http://secunia.com/advisories/19179 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19355 - Patch, Vendor Advisory () http://secunia.com/advisories/19355 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19832 - Vendor Advisory () http://secunia.com/advisories/19832 - Vendor Advisory
References () http://secunia.com/advisories/20210 - Vendor Advisory () http://secunia.com/advisories/20210 - Vendor Advisory
References () http://secunia.com/advisories/20222 - Vendor Advisory () http://secunia.com/advisories/20222 - Vendor Advisory
References () http://secunia.com/advisories/20951 - Vendor Advisory () http://secunia.com/advisories/20951 - Vendor Advisory
References () http://secunia.com/advisories/21252 - Vendor Advisory () http://secunia.com/advisories/21252 - Vendor Advisory
References () http://secunia.com/advisories/21564 - Vendor Advisory () http://secunia.com/advisories/21564 - Vendor Advisory
References () http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm - () http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm -
References () http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm - () http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm -
References () http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml - Patch, Vendor Advisory () http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml - Patch, Vendor Advisory
References () http://www.mandriva.com/security/advisories?name=MDKSA-2006:028 - () http://www.mandriva.com/security/advisories?name=MDKSA-2006:028 -
References () http://www.php.net/ChangeLog-4.php#4.4.2 - () http://www.php.net/ChangeLog-4.php#4.4.2 -
References () http://www.php.net/release_5_1_2.php - Patch () http://www.php.net/release_5_1_2.php - Patch
References () http://www.redhat.com/support/errata/RHSA-2006-0501.html - Vendor Advisory () http://www.redhat.com/support/errata/RHSA-2006-0501.html - Vendor Advisory
References () http://www.securityfocus.com/bid/16803 - Patch () http://www.securityfocus.com/bid/16803 - Patch
References () http://www.vupen.com/english/advisories/2006/0177 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/0177 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/0369 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/0369 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/2685 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/2685 - Vendor Advisory
References () https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028 - () https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064 -
References () https://usn.ubuntu.com/261-1/ - () https://usn.ubuntu.com/261-1/ -

Information

Published : 2006-01-13 23:03

Updated : 2024-11-21 00:05


NVD link : CVE-2006-0208

Mitre link : CVE-2006-0208

CVE.ORG link : CVE-2006-0208


JSON object : View

Products Affected

php

  • php
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')