NVD脆弱性詳細

Exploit、PoC検索

Exploit DB

NVD脆弱性検索トップ

->

NVD脆弱性詳細

CVE-2006-0996

概要	Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.
公表日	2006年4月11日3:06
登録日	2021年1月29日15:32
最終更新日	2017年10月11日10:30

CVSS2.0 : MEDIUM
スコア	4.3
ベクター	AV:N/AC:M/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1		以上	以下	より上	未満
cpe:2.3:a:php:php:4.4.2:::::::*
cpe:2.3:a:php:php:5.1.2:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc	SGI
2	http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c	CONFIRM
3	http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261	CONFIRM	Patch
4	http://marc.info/?l=php-cvs&m=114374620416389&w=2	MLIST
5	http://rhn.redhat.com/errata/RHSA-2006-0276.html	REDHAT
6	http://rhn.redhat.com/errata/RHSA-2006-0549.html	REDHAT
7	http://secunia.com/advisories/19599	SECUNIA	Vendor Advisory
8	http://secunia.com/advisories/19775	SECUNIA	Vendor Advisory
9	http://secunia.com/advisories/19832	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/19979	SECUNIA	Vendor Advisory
11	http://secunia.com/advisories/20052	SECUNIA	Vendor Advisory
12	http://secunia.com/advisories/20210	SECUNIA	Vendor Advisory
13	http://secunia.com/advisories/20222	SECUNIA	Vendor Advisory
14	http://secunia.com/advisories/20951	SECUNIA	Vendor Advisory
15	http://secunia.com/advisories/21125	SECUNIA	Vendor Advisory
16	http://secunia.com/advisories/21252	SECUNIA	Vendor Advisory
17	http://secunia.com/advisories/21564	SECUNIA	Vendor Advisory
18	http://security.gentoo.org/glsa/glsa-200605-08.xml	GENTOO
19	http://securityreason.com/achievement_securityalert/34	SREASONRES
20	http://securityreason.com/securityalert/675	SREASON
21	http://securitytracker.com/id?1015879	SECTRACK
22	http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm	CONFIRM
23	http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm	CONFIRM
24	http://www.mandriva.com/security/advisories?name=MDKSA-2006:074	MANDRIVA
25	http://www.novell.com/linux/security/advisories/05-05-2006.html	SUSE
26	http://www.osvdb.org/24484	OSVDB
27	http://www.php.net/ChangeLog-4.php#4.4.3	CONFIRM
28	http://www.redhat.com/support/errata/RHSA-2006-0501.html	REDHAT
29	http://www.securityfocus.com/bid/17362	BID	Exploit
30	http://www.ubuntu.com/usn/usn-320-1	UBUNTU
31	http://www.vupen.com/english/advisories/2006/1290	VUPEN
32	http://www.vupen.com/english/advisories/2006/2685	VUPEN
33	https://exchange.xforce.ibmcloud.com/vulnerabilities/25702	XF
34	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10997	OVAL

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html