4.3

CVE-2005-3388

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version4.0.0
PhpPhp Version4.0.1
PhpPhp Version4.0.1 Updatepatch1
PhpPhp Version4.0.1 Updatepatch2
PhpPhp Version4.0.2
PhpPhp Version4.0.3
PhpPhp Version4.0.3 Updatepatch1
PhpPhp Version4.0.4
PhpPhp Version4.0.5
PhpPhp Version4.0.6
PhpPhp Version4.0.7
PhpPhp Version4.0.7 Updaterc1
PhpPhp Version4.0.7 Updaterc2
PhpPhp Version4.0.7 Updaterc3
PhpPhp Version4.1.0
PhpPhp Version4.1.1
PhpPhp Version4.1.2
PhpPhp Version4.2 Editiondev
PhpPhp Version4.2.0
PhpPhp Version4.2.1
PhpPhp Version4.2.2
PhpPhp Version4.2.3
PhpPhp Version4.3.0
PhpPhp Version4.3.1
PhpPhp Version4.3.2
PhpPhp Version4.3.3
PhpPhp Version4.3.4
PhpPhp Version4.3.5
PhpPhp Version4.3.6
PhpPhp Version4.3.7
PhpPhp Version4.3.8
PhpPhp Version4.3.9
PhpPhp Version4.3.10
PhpPhp Version4.3.11
PhpPhp Version4.4.0
PhpPhp Version5.0.0
PhpPhp Version5.0.0 Updatebeta1
PhpPhp Version5.0.0 Updatebeta2
PhpPhp Version5.0.0 Updatebeta3
PhpPhp Version5.0.0 Updatebeta4
PhpPhp Version5.0.0 Updaterc1
PhpPhp Version5.0.0 Updaterc2
PhpPhp Version5.0.0 Updaterc3
PhpPhp Version5.0.1
PhpPhp Version5.0.2
PhpPhp Version5.0.3
PhpPhp Version5.0.4
PhpPhp Version5.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 48.9% 0.987
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/17559
http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
http://secunia.com/advisories/22691
http://www.php.net/release_4_4_1.php
Patch
http://www.vupen.com/english/advisories/2006/4320
http://secunia.com/advisories/17371
Patch
Vendor Advisory
http://secunia.com/advisories/17510
http://secunia.com/advisories/17557
http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:213
http://www.vupen.com/english/advisories/2005/2254
http://www.novell.com/linux/security/advisories/2005_27_sr.html
http://rhn.redhat.com/errata/RHSA-2006-0549.html
http://secunia.com/advisories/21252
http://secunia.com/advisories/18198
https://www.ubuntu.com/usn/usn-232-1/
http://secunia.com/advisories/17490
http://secunia.com/advisories/17531
http://secunia.com/advisories/18669
http://securityreason.com/securityalert/133
http://securitytracker.com/id?1015130
http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm
http://www.hardened-php.net/advisory_182005.77.html
Vendor Advisory
http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html
http://www.redhat.com/support/errata/RHSA-2005-831.html
http://www.redhat.com/support/errata/RHSA-2005-838.html
http://www.securityfocus.com/archive/1/415292
http://www.securityfocus.com/bid/15248
Patch
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIRZJHM6UDNWNHZ3PCMEZ2YUK3CWY2UE/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10542