CVE-2006-1490

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-1490
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://bugs.gentoo.org/show_bug.cgi?id=127939
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113 Patch
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log
http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://secunia.com/advisories/19383
http://secunia.com/advisories/19499
http://secunia.com/advisories/19570
http://secunia.com/advisories/19832
http://secunia.com/advisories/19979
http://secunia.com/advisories/20052
http://secunia.com/advisories/20210
http://secunia.com/advisories/20951
http://secunia.com/advisories/21125
http://secunia.com/advisories/23155
http://security.gentoo.org/glsa/glsa-200605-08.xml
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2006:063
http://www.novell.com/linux/security/advisories/05-05-2006.html
http://www.securityfocus.com/archive/1/429162/100/0/threaded
http://www.securityfocus.com/archive/1/429164/100/0/threaded
http://www.securityfocus.com/bid/17296
http://www.trustix.org/errata/2006/0020
http://www.ubuntu.com/usn/usn-320-1
http://www.us-cert.gov/cas/techalerts/TA06-333A.html US Government Resource
http://www.vupen.com/english/advisories/2006/1149
http://www.vupen.com/english/advisories/2006/2685
http://www.vupen.com/english/advisories/2006/4750
https://exchange.xforce.ibmcloud.com/vulnerabilities/25508
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11084
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://bugs.gentoo.org/show_bug.cgi?id=127939
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113 Patch
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log
http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://secunia.com/advisories/19383
http://secunia.com/advisories/19499
http://secunia.com/advisories/19570
http://secunia.com/advisories/19832
http://secunia.com/advisories/19979
http://secunia.com/advisories/20052
http://secunia.com/advisories/20210
http://secunia.com/advisories/20951
http://secunia.com/advisories/21125
http://secunia.com/advisories/23155
http://security.gentoo.org/glsa/glsa-200605-08.xml
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2006:063
http://www.novell.com/linux/security/advisories/05-05-2006.html
http://www.securityfocus.com/archive/1/429162/100/0/threaded
http://www.securityfocus.com/archive/1/429164/100/0/threaded
http://www.securityfocus.com/bid/17296
http://www.trustix.org/errata/2006/0020
http://www.ubuntu.com/usn/usn-320-1
http://www.us-cert.gov/cas/techalerts/TA06-333A.html US Government Resource
http://www.vupen.com/english/advisories/2006/1149
http://www.vupen.com/english/advisories/2006/2685
http://www.vupen.com/english/advisories/2006/4750
https://exchange.xforce.ibmcloud.com/vulnerabilities/25508
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11084
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
History

21 Nov 2024, 00:09

Type Values Removed Values Added
References () ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc - () ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc -
References () http://bugs.gentoo.org/show_bug.cgi?id=127939 - () http://bugs.gentoo.org/show_bug.cgi?id=127939 -
References () http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113 - Patch () http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113 - Patch
References () http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log - () http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log -
References () http://docs.info.apple.com/article.html?artnum=304829 - () http://docs.info.apple.com/article.html?artnum=304829 -
References () http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html - () http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html -
References () http://rhn.redhat.com/errata/RHSA-2006-0276.html - () http://rhn.redhat.com/errata/RHSA-2006-0276.html -
References () http://secunia.com/advisories/19383 - () http://secunia.com/advisories/19383 -
References () http://secunia.com/advisories/19499 - () http://secunia.com/advisories/19499 -
References () http://secunia.com/advisories/19570 - () http://secunia.com/advisories/19570 -
References () http://secunia.com/advisories/19832 - () http://secunia.com/advisories/19832 -
References () http://secunia.com/advisories/19979 - () http://secunia.com/advisories/19979 -
References () http://secunia.com/advisories/20052 - () http://secunia.com/advisories/20052 -
References () http://secunia.com/advisories/20210 - () http://secunia.com/advisories/20210 -
References () http://secunia.com/advisories/20951 - () http://secunia.com/advisories/20951 -
References () http://secunia.com/advisories/21125 - () http://secunia.com/advisories/21125 -
References () http://secunia.com/advisories/23155 - () http://secunia.com/advisories/23155 -
References () http://security.gentoo.org/glsa/glsa-200605-08.xml - () http://security.gentoo.org/glsa/glsa-200605-08.xml -
References () http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm - () http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2006:063 - () http://www.mandriva.com/security/advisories?name=MDKSA-2006:063 -
References () http://www.novell.com/linux/security/advisories/05-05-2006.html - () http://www.novell.com/linux/security/advisories/05-05-2006.html -
References () http://www.securityfocus.com/archive/1/429162/100/0/threaded - () http://www.securityfocus.com/archive/1/429162/100/0/threaded -
References () http://www.securityfocus.com/archive/1/429164/100/0/threaded - () http://www.securityfocus.com/archive/1/429164/100/0/threaded -
References () http://www.securityfocus.com/bid/17296 - () http://www.securityfocus.com/bid/17296 -
References () http://www.trustix.org/errata/2006/0020 - () http://www.trustix.org/errata/2006/0020 -
References () http://www.ubuntu.com/usn/usn-320-1 - () http://www.ubuntu.com/usn/usn-320-1 -
References () http://www.us-cert.gov/cas/techalerts/TA06-333A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA06-333A.html - US Government Resource
References () http://www.vupen.com/english/advisories/2006/1149 - () http://www.vupen.com/english/advisories/2006/1149 -
References () http://www.vupen.com/english/advisories/2006/2685 - () http://www.vupen.com/english/advisories/2006/2685 -
References () http://www.vupen.com/english/advisories/2006/4750 - () http://www.vupen.com/english/advisories/2006/4750 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/25508 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/25508 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11084 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11084 -

07 Nov 2023, 01:58

Type Values Removed Values Added
Summary PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents. PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
Information

Published : 2006-03-29 21:06

Updated : 2024-11-21 00:09

NVD link : CVE-2006-1490

Mitre link : CVE-2006-1490

CVE.ORG link : CVE-2006-1490

JSON object : View

Products Affected

php

  • php
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024