CVE-2006-0208

CVSS V2 Low 2.6 CVSS V3 None
Description
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.
Overview
  • CVE ID
  • CVE-2006-0208
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2006-01-13T23:03:00
  • Last Modified Date
  • 2018-10-30T16:25:35
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:H/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • HIGH
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 2.6
  • Severity
  • LOW
  • Exploitability Score
  • 4.9
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://www.php.net/release_5_1_2.php Patch
http://secunia.com/advisories/18431 Patch Vendor Advisory
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028
http://secunia.com/advisories/18697 Patch Vendor Advisory
http://www.securityfocus.com/bid/16803 Patch
http://secunia.com/advisories/19179 Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml Patch Vendor Advisory
http://secunia.com/advisories/19355 Patch Vendor Advisory
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
http://secunia.com/advisories/19012 Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://secunia.com/advisories/19832 Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0501.html Vendor Advisory
http://secunia.com/advisories/20222 Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
http://secunia.com/advisories/20951 Vendor Advisory
http://secunia.com/advisories/21252 Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
http://secunia.com/advisories/21564 Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2006-0549.html Vendor Advisory
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://secunia.com/advisories/20210 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:028
http://www.php.net/ChangeLog-4.php#4.4.2
http://www.vupen.com/english/advisories/2006/0369 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0177 Vendor Advisory
http://www.vupen.com/english/advisories/2006/2685 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064
https://usn.ubuntu.com/261-1/
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2006-0208
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208
History
Created Old Value New Value Data Type Notes
2022-05-10 18:01:29 Added to TrackCVE