- Home
- CVEs with nessus.description==Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.
The phpinfo() PHP function did not properly sanitize long strings. An attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo(). (CVE-2006-0996)
The html_entity_decode() PHP function was found to not be binary safe.
An attacker could use this flaw to disclose a certain part of the memory. In order for this issue to be exploitable the target site would need to have a PHP script which called the 'html_entity_decode()' function with untrusted input from the user and displayed the result. (CVE-2006-1490)
The error handling output was found to not properly escape HTML output in certain cases. An attacker could use this flaw to perform cross-site scripting attacks against sites where both display_errors and html_errors are enabled. (CVE-2006-0208)
An input validation error was found in the 'mb_send_mail()' function.
An attacker could use this flaw to inject arbitrary headers in a mail sent via a script calling the 'mb_send_mail()' function where the 'To' parameter can be controlled by the attacker. (CVE-2005-3883)
A buffer overflow flaw was discovered in uw-imap, the University of Washington's IMAP Server. php-imap is compiled against the static c-client libraries from imap and therefore needed to be recompiled against the fixed version. This issue only affected Red Hat Enterprise Linux 3. (CVE-2005-2933).
Users of PHP should upgrade to these updated packages, which contain backported patches that resolve these issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top