CVE-2006-5465

Severity

75%

Complexity

99%

Confidentiality

106%

Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.

Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

PHP

First reported 18 years ago

2006-11-04 00:07:00

Last updated 6 years ago

2018-10-30 16:25:00

Affected Software

PHP PHP 5.0.0

5.0.0

PHP PHP 5.0.1

5.0.1

PHP PHP 5.0.2

5.0.2

PHP PHP 5.0.3

5.0.3

PHP PHP 5.0.4

5.0.4

PHP PHP 5.0.5

5.0.5

PHP PHP 5.1.0

5.1.0

PHP PHP 5.1.1

5.1.1

PHP PHP 5.1.2

5.1.2

PHP PHP 5.1.3

5.1.3

PHP 5.1.4

5.1.4

PHP PHP 5.1.5

5.1.5

PHP PHP

References

20061101-01-P

http://docs.info.apple.com/article.html?artnum=304829

http://issues.rpath.com/browse/RPL-761

APPLE-SA-2006-11-28

RHSA-2006:0736

22653

22685

22688

22693

22713

22753

22759

22779

22881

22929

23139

23155

23247

24606

25047

GLSA-200703-21

1017152

1017296

http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm

20070425 PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces

20070425 Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces

DSA-1206

http://www.hardened-php.net/advisory_132006.138.html

MDKSA-2006:196

SUSE-SA:2006:067

OpenPKG-SA-2006.028

http://www.php.net/releases/5_2_0.php

RHSA-2006:0730

RHSA-2006:0731

20061102 Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability

20061109 rPSA-2006-0205-1 php php-mysql php-pgsql

20061129 SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability

20879

2006-0061

TLSA-2006-38

USN-375-1

TA06-333A

US Government Resource

ADV-2006-4317

ADV-2006-4749

ADV-2006-4750

ADV-2007-1546

php-htmlentities-bo(29971)

oval:org.mitre.oval:def:10240

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.