CNNVD ID | CNNVD-200604-117 |
CVE ID | CVE-2006-0996 |
Published | 2006-04-10 |
Updated | 2006-04-10 |
Vulnerability type | Cross-site scripting |
Vulnerability source | This issue was discovered by Maksymilian Arciemowicz. |
Severity | Medium |
Threat type | Remote |
Vendor | php |
A cross-site scripting (XSS) vulnerability exists in phpinfo (info.c) in PHP 5.1.2 and 4.4.2. It allows remote attackers to inject arbitrary web script or HTML via long array variables, namely arrays with (1) a large number of values or (2) long values, which prevents the HTML tags from being stripped.
The vendor has released upgrade patches to fix this security issue. Patch download links:
S.u.S.E. Linux Professional 10.0
SUSE LINUX 10.0: apache2-mod_php4-4.4.0-6.10.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-mod_php4-4.4.0-6.10.i586.rpm
SUSE LINUX 10.0: apache2-mod_php4-4.4.0-6.10.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-mod_php4-4.4.0-6.10.ppc.rpm
SUSE LINUX 10.0: apache2-mod_php4-4.4.0-6.10.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php4-4.4.0-6.10.x86_64.rpm
SUSE LINUX 10.0: apache2-mod_php5-5.0.4-9.10.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-mod_php5-5.0.4-9.10.ppc.rpm
SUSE LINUX 10.0: apache2-mod_php5-5.0.4-9.10.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php5-5.0.4-9.10.x86_64.rpm
SUSE LINUX 10.0: php4-32bit-4.4.0-6.10.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-32bit-4.4.0-6.10.x86_64.rpm
SUSE LINUX 10.0: php4-4.4.0-6.10.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-4.4.0-6.10.i586.rpm
SUSE LINUX 10.0: php4-4.4.0-6.10.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-4.4.0-6.10.ppc.rpm
SUSE LINUX 10.0: php4-4.4.0-6.10.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-4.4.0-6.10.x86_64.rpm
SUSE LINUX 10.0: php4-exif-4.4.0-6.10.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-exif-4.4.0-6.10.i586.rpm
SUSE LINUX 10.0: php4-exif-4.4.0-6.10.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-exif-4.4.0-6.10.ppc.rpm
SUSE LINUX 10.0: php4-exif-4.4.0-6.10.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-exif-4.4.0-6.10.x86_64.rpm
SUSE LINUX 10.0: php4-fastcgi-4.4.0-6.10.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-fastcgi-4.4.0-6.10.i586.rpm
SUSE LINUX 10.0: php4-fastcgi-4.4.0-6.10.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-fastcgi-4.4.0-6.10.ppc.rpm
SUSE LINUX 10.0: php4-fastcgi-4.4.0-6.10.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-fastcgi-4.4.0-6.10.x86_64.rpm
SUSE LINUX 10.0: php4-mbstring-4.4.0-6.10.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-mbstring-4.4.0-6.10.i586.rpm
SUSE LINUX 10.0: php4-mbstring-4.4.0-6.10.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-mbstring-4.4.0-6.10.ppc.rpm
SUSE LINUX 10.0: php4-mbstring-4.4.0-6.10.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-mbstring-4.4.0-6.10.x86_64.rpm
SUSE LINUX 10.0: php4-servlet-4.4.0-6.10.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-servlet-4.4.0-6.10.i586.rpm
SUSE LINUX 10.0: php4-servlet-4.4.0-6.10.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-servlet-4.4.0-6.10.x86_64.rpm
SUSE LINUX 10.0: php4-unixODBC-4.4.0-6.10.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-unixODBC-4.4.0-6.10.i586.rpm
SUSE LINUX 10.0: php4-unixODBC-4.4.0-6.10.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-unixODBC-4.4.0-6.10.ppc.rpm
SUSE LINUX 10.0: php4-unixODBC-4.4.0-6.10.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-unixODBC-4.4.0-6.10.x86_64.rpm
SUSE LINUX 10.0: php5-5.0.4-9.10.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-5.0.4-9.10.i586.rpm
SUSE LINUX 10.0: php5-5.0.4-9.10.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-5.0.4-9.10.ppc.rpm
SUSE LINUX 10.0: php5-5.0.4-9.10.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-5.0.4-9.10.x86_64.rpm
SUSE LINUX 10.0: php5-exif-5.0.4-9.10.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-exif-5.0.4-9.10.i586.rpm
SUSE LINUX 10.0: php5-exif-5.0.4-9.10.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-exif-5.0.4-9
Source: MLIST
Name: [php-cvs] 20060330 cvs: php-src /ext/standard info.c
Link: http://marc.theaimsgroup.com/?l=php-cvs&m=114374620416389&w=2
Source: cvs.php.net
Link: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261
Source: XF
Name: php-phpinfo-long-array-xss(25702)
Source: UBUNTU
Name: USN-320-1
Source: BID
Name: 17362
Source: REDHAT
Name: RHSA-2006:0501
Source: www.php.net
Source: OSVDB
Name: 24484
Source: SUSE
Name: SUSE-SA:2006:024
Link: http://www.novell.com/linux/security/advisories/05-05-2006.html
Source: MANDRIVA
Name: MDKSA-2006:074
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2006:074
Source: VUPEN
Name: ADV-2006-2685
Source: VUPEN
Name: ADV-2006-1290
Source: support.avaya.com
Link: http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
Source: support.avaya.com
Link: http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
Source: SECTRACK
Name: 1015879
Source: SREASON
Name: 675
Source: SREASONRES
Name: 20060408 phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2
Source: GENTOO
Name: GLSA-200605-08
Source: SECUNIA
Name: 21564
Source: SECUNIA
Name: 21252
Source: SECUNIA
Name: 21125
Source: SECUNIA
Name: 20951
Source: SECUNIA
Name: 20222
Source: SECUNIA
Name: 20210
Source: SECUNIA
Name: 20052
Source: SECUNIA
Name: 19979
Source: SECUNIA
Name: 19832
Source: SECUNIA
Name: 19775
Source: SECUNIA
Name: 19599
Source: REDHAT
Name: RHSA-2006:0549
Source: REDHAT
Name: RHSA-2006:0276
Source: MANDRIVA
Name: MDKSA-2006:074
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:074
Source: cvs.php.net
Link: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c