129311 – dev-lang/php: phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2 (CVE-2006-0996)

Bug 129311 - dev-lang/php: phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2 (CVE-2006-0996)

Summary: dev-lang/php: phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2 (CVE-2006-0996)

Status:	RESOLVED DUPLICATE of bug 128883

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://securityreason.com/achievement...
Whiteboard:	B4
Keywords:

Depends on:
Blocks:

Reported:	2006-04-08 22:03 UTC by Jule Slootbeek
Modified:	2006-04-09 01:55 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jule Slootbeek 2006-04-08 22:03:00 UTC

as reported by SecurityReason, PHP 5.1.2 and below has a XSS vulnerability in phpinfo()

http://securityreason.com/achievement_securityalert/34

php team, please verify and advise.

Comment 1 Tavis Ormandy (RETIRED) gentoo-dev

2006-04-09 01:55:44 UTC


*** This bug has been marked as a duplicate of 128883 ***