CVE-2006-5465 - Vulnerability Details

Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php	Php
Redhat	Enterprise Linux Rhel Application Stack Rhel Stronghold

Configuration 1 [-]

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php:5.0:rc1::::::
	cpe:2.3:a:php:php:5.0:rc2::::::
	cpe:2.3:a:php:php:5.0:rc3::::::
	cpe:2.3:a:php:php:5.0.0:::::::*
	cpe:2.3:a:php:php:5.0.1:::::::*
	cpe:2.3:a:php:php:5.0.2:::::::*
	cpe:2.3:a:php:php:5.0.3:::::::*
	cpe:2.3:a:php:php:5.0.4:::::::*
	cpe:2.3:a:php:php:5.0.5:::::::*
	cpe:2.3:a:php:php:5.1.0:::::::*
	cpe:2.3:a:php:php:5.1.1:::::::*
	cpe:2.3:a:php:php:5.1.2:::::::*
	cpe:2.3:a:php:php:5.1.3:::::::*
	cpe:2.3:a:php:php:5.1.4:::::::*
	cpe:2.3:a:php:php:5.1.5:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
php-0:4.1.2-2.13	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2006:0730	2006-11-06T00:00:00Z
Red Hat Enterprise Linux 3
php-0:4.3.2-37.ent	cpe:/o:redhat:enterprise_linux:3	RHSA-2006:0730	2006-11-06T00:00:00Z
Red Hat Enterprise Linux 4
php-0:4.3.9-3.22	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0730	2006-11-06T00:00:00Z
Red Hat Web Application Stack for RHEL 4
php-0:5.1.4-1.el4s1.5	cpe:/a:redhat:rhel_application_stack:1	RHSA-2006:0731	2006-11-10T00:00:00Z
Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)
	cpe:/a:redhat:rhel_stronghold:4.0	RHSA-2006:0736	2006-12-11T00:00:00Z

References

Link	Providers
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
http://docs.info.apple.com/article.html?artnum=304829
http://issues.rpath.com/browse/RPL-761
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://rhn.redhat.com/errata/RHSA-2006-0736.html
http://secunia.com/advisories/22653
http://secunia.com/advisories/22685
http://secunia.com/advisories/22688
http://secunia.com/advisories/22693
http://secunia.com/advisories/22713
http://secunia.com/advisories/22753
http://secunia.com/advisories/22759
http://secunia.com/advisories/22779
http://secunia.com/advisories/22881
http://secunia.com/advisories/22929
http://secunia.com/advisories/23139
http://secunia.com/advisories/23155
http://secunia.com/advisories/23247
http://secunia.com/advisories/24606
http://secunia.com/advisories/25047
http://security.gentoo.org/glsa/glsa-200703-21.xml
http://securitytracker.com/id?1017152
http://securitytracker.com/id?1017296
http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm
http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html
http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml
http://www.debian.org/security/2006/dsa-1206
http://www.hardened-php.net/advisory_132006.138.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:196
http://www.novell.com/linux/security/advisories/2006_67_php.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html
http://www.php.net/releases/5_2_0.php
http://www.redhat.com/support/errata/RHSA-2006-0730.html
http://www.redhat.com/support/errata/RHSA-2006-0731.html
http://www.securityfocus.com/archive/1/450431/100/0/threaded
http://www.securityfocus.com/archive/1/451098/100/0/threaded
http://www.securityfocus.com/archive/1/453024/100/0/threaded
http://www.securityfocus.com/bid/20879
http://www.trustix.org/errata/2006/0061/
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
http://www.ubuntu.com/usn/usn-375-1
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
http://www.vupen.com/english/advisories/2006/4317
http://www.vupen.com/english/advisories/2006/4749
http://www.vupen.com/english/advisories/2006/4750
http://www.vupen.com/english/advisories/2007/1546
https://exchange.xforce.ibmcloud.com/vulnerabilities/29971
https://nvd.nist.gov/vuln/detail/CVE-2006-5465
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240
https://www.cve.org/CVERecord?id=CVE-2006-5465

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2006-11-04T00:00:00

Updated: 2024-08-07T19:48:30.543Z

Reserved: 2006-10-23T00:00:00

Link: CVE-2006-5465

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-11-04T00:07:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-5465

Redhat

Severity : Important

Publid Date: 2006-11-02T00:00:00Z

Links: CVE-2006-5465 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-02T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "22881", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22881"}, {"name": "1017152", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017152"}, {"name": "ADV-2006-4750", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4750"}, {"name": "ADV-2006-4749", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4749"}, {"name": "20061102 Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/450431/100/0/threaded"}, {"name": "RHSA-2006:0731", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0731.html"}, {"name": "22759", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22759"}, {"name": "24606", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24606"}, {"name": "ADV-2007-1546", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1546"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=304829"}, {"name": "TLSA-2006-38", "tags": ["vendor-advisory", "x_refsource_TURBO"], "url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt"}, {"name": "DSA-1206", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1206"}, {"name": "22693", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22693"}, {"name": "23247", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23247"}, {"name": "22653", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22653"}, {"name": "22688", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22688"}, {"name": "2006-0061", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2006/0061/"}, {"name": "20061129 SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/453024/100/0/threaded"}, {"name": "GLSA-200703-21", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"}, {"name": "20061109 rPSA-2006-0205-1 php php-mysql php-pgsql", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/451098/100/0/threaded"}, {"name": "22713", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22713"}, {"name": "22685", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22685"}, {"name": "ADV-2006-4317", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4317"}, {"tags": ["x_refsource_MISC"], "url": "http://www.hardened-php.net/advisory_132006.138.html"}, {"name": "20070425 PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://issues.rpath.com/browse/RPL-761"}, {"name": "20061101-01-P", "tags": ["vendor-advisory", "x_refsource_SGI"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"}, {"name": "SUSE-SA:2006:067", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2006_67_php.html"}, {"name": "php-htmlentities-bo(29971)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29971"}, {"name": "23155", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23155"}, {"name": "MDKSA-2006:196", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:196"}, {"name": "25047", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25047"}, {"name": "1017296", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017296"}, {"name": "22779", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22779"}, {"name": "RHSA-2006:0730", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0730.html"}, {"name": "20879", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20879"}, {"name": "USN-375-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-375-1"}, {"name": "APPLE-SA-2006-11-28", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"}, {"name": "20070425 Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml"}, {"name": "TA06-333A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"}, {"name": "OpenPKG-SA-2006.028", "tags": ["vendor-advisory", "x_refsource_OPENPKG"], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html"}, {"name": "22929", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22929"}, {"name": "22753", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22753"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm"}, {"name": "oval:org.mitre.oval:def:10240", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240"}, {"name": "23139", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23139"}, {"name": "RHSA-2006:0736", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0736.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.php.net/releases/5_2_0.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2006-5465", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "22881", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22881"}, {"name": "1017152", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017152"}, {"name": "ADV-2006-4750", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4750"}, {"name": "ADV-2006-4749", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4749"}, {"name": "20061102 Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/450431/100/0/threaded"}, {"name": "RHSA-2006:0731", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0731.html"}, {"name": "22759", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22759"}, {"name": "24606", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24606"}, {"name": "ADV-2007-1546", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1546"}, {"name": "http://docs.info.apple.com/article.html?artnum=304829", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=304829"}, {"name": "TLSA-2006-38", "refsource": "TURBO", "url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt"}, {"name": "DSA-1206", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1206"}, {"name": "22693", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22693"}, {"name": "23247", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23247"}, {"name": "22653", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22653"}, {"name": "22688", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22688"}, {"name": "2006-0061", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2006/0061/"}, {"name": "20061129 SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/453024/100/0/threaded"}, {"name": "GLSA-200703-21", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"}, {"name": "20061109 rPSA-2006-0205-1 php php-mysql php-pgsql", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/451098/100/0/threaded"}, {"name": "22713", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22713"}, {"name": "22685", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22685"}, {"name": "ADV-2006-4317", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4317"}, {"name": "http://www.hardened-php.net/advisory_132006.138.html", "refsource": "MISC", "url": "http://www.hardened-php.net/advisory_132006.138.html"}, {"name": "20070425 PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html"}, {"name": "http://issues.rpath.com/browse/RPL-761", "refsource": "CONFIRM", "url": "http://issues.rpath.com/browse/RPL-761"}, {"name": "20061101-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"}, {"name": "SUSE-SA:2006:067", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_67_php.html"}, {"name": "php-htmlentities-bo(29971)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29971"}, {"name": "23155", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23155"}, {"name": "MDKSA-2006:196", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:196"}, {"name": "25047", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25047"}, {"name": "1017296", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017296"}, {"name": "22779", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22779"}, {"name": "RHSA-2006:0730", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0730.html"}, {"name": "20879", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20879"}, {"name": "USN-375-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-375-1"}, {"name": "APPLE-SA-2006-11-28", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"}, {"name": "20070425 Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml"}, {"name": "TA06-333A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"}, {"name": "OpenPKG-SA-2006.028", "refsource": "OPENPKG", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html"}, {"name": "22929", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22929"}, {"name": "22753", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22753"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm"}, {"name": "oval:org.mitre.oval:def:10240", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240"}, {"name": "23139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23139"}, {"name": "RHSA-2006:0736", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2006-0736.html"}, {"name": "http://www.php.net/releases/5_2_0.php", "refsource": "CONFIRM", "url": "http://www.php.net/releases/5_2_0.php"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:48:30.543Z"}, "title": "CVE Program Container", "references": [{"name": "22881", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22881"}, {"name": "1017152", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017152"}, {"name": "ADV-2006-4750", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4750"}, {"name": "ADV-2006-4749", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4749"}, {"name": "20061102 Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/450431/100/0/threaded"}, {"name": "RHSA-2006:0731", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0731.html"}, {"name": "22759", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22759"}, {"name": "24606", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24606"}, {"name": "ADV-2007-1546", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1546"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=304829"}, {"name": "TLSA-2006-38", "tags": ["vendor-advisory", "x_refsource_TURBO", "x_transferred"], "url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt"}, {"name": "DSA-1206", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1206"}, {"name": "22693", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22693"}, {"name": "23247", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23247"}, {"name": "22653", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22653"}, {"name": "22688", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22688"}, {"name": "2006-0061", "tags": ["vendor-advisory", "x_refsource_TRUSTIX", "x_transferred"], "url": "http://www.trustix.org/errata/2006/0061/"}, {"name": "20061129 SYM06-023, Symantec NetBackup PureDisk: PHP update to Address Reported Security Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/453024/100/0/threaded"}, {"name": "GLSA-200703-21", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"}, {"name": "20061109 rPSA-2006-0205-1 php php-mysql php-pgsql", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/451098/100/0/threaded"}, {"name": "22713", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22713"}, {"name": "22685", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22685"}, {"name": "ADV-2006-4317", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4317"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.hardened-php.net/advisory_132006.138.html"}, {"name": "20070425 PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://issues.rpath.com/browse/RPL-761"}, {"name": "20061101-01-P", "tags": ["vendor-advisory", "x_refsource_SGI", "x_transferred"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"}, {"name": "SUSE-SA:2006:067", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2006_67_php.html"}, {"name": "php-htmlentities-bo(29971)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29971"}, {"name": "23155", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23155"}, {"name": "MDKSA-2006:196", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:196"}, {"name": "25047", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25047"}, {"name": "1017296", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017296"}, {"name": "22779", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22779"}, {"name": "RHSA-2006:0730", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0730.html"}, {"name": "20879", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20879"}, {"name": "USN-375-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-375-1"}, {"name": "APPLE-SA-2006-11-28", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"}, {"name": "20070425 Cisco Applied Intelligence Response: Identifying and Mitigating Exploitation of the PHP HTML Entity Encoder Heap Overflow Vulnerability in Multiple Web-Based Management Interfaces", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml"}, {"name": "TA06-333A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"}, {"name": "OpenPKG-SA-2006.028", "tags": ["vendor-advisory", "x_refsource_OPENPKG", "x_transferred"], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html"}, {"name": "22929", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22929"}, {"name": "22753", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22753"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm"}, {"name": "oval:org.mitre.oval:def:10240", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240"}, {"name": "23139", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23139"}, {"name": "RHSA-2006:0736", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0736.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.php.net/releases/5_2_0.php"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-5465", "datePublished": "2006-11-04T00:00:00", "dateReserved": "2006-10-23T00:00:00", "dateUpdated": "2024-08-07T19:48:30.543Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C85C56B-D27F-433F-A268-34463619B183", "versionEndIncluding": "5.1.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "0F9D7662-A5B6-41D0-B6A1-E5ABC5ABA47F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E3797AB5-9E49-4251-A212-B6E5D9996764", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D61D9CE9-F7A3-4F52-9D4E-B2473804ECB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7007E77F-60EF-44D8-9676-15B59DF1325F", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8CDFEF9-C367-4800-8A2F-375C261FAE55", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en PHP anterior a 5.2.0 permite a un atacante remoto ejecutar c\u00f3digo de su elecci\u00f3n mediante entradas UTF-8 manipuladas a las funciones (1) htmlentities o (2) htmlspecialchars."}], "id": "CVE-2006-5465", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-04T00:07:00.000", "references": [{"source": "secalert@redhat.com", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"}, {"source": "secalert@redhat.com", "url": "http://docs.info.apple.com/article.html?artnum=304829"}, {"source": "secalert@redhat.com", "url": "http://issues.rpath.com/browse/RPL-761"}, {"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2006-0736.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22653"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22685"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22688"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22693"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22713"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22753"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22759"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22779"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22881"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22929"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23139"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23155"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23247"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24606"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25047"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1017152"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1017296"}, {"source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm"}, {"source": "secalert@redhat.com", "url": "http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html"}, {"source": "secalert@redhat.com", "url": "http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2006/dsa-1206"}, {"source": "secalert@redhat.com", "url": "http://www.hardened-php.net/advisory_132006.138.html"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:196"}, {"source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2006_67_php.html"}, {"source": "secalert@redhat.com", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html"}, {"source": "secalert@redhat.com", "url": "http://www.php.net/releases/5_2_0.php"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2006-0730.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2006-0731.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/450431/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/451098/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/453024/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/20879"}, {"source": "secalert@redhat.com", "url": "http://www.trustix.org/errata/2006/0061/"}, {"source": "secalert@redhat.com", "url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-375-1"}, {"source": "secalert@redhat.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/4317"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/4749"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/4750"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/1546"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29971"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=304829"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://issues.rpath.com/browse/RPL-761"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2006-0736.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22653"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22685"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22688"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22693"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22713"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22753"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22759"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22779"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22881"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22929"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23139"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23155"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23247"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24606"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25047"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200703-21.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017152"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017296"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-245.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cisco.com/en/US/products/products_security_response09186a008082c4fe.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1206"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.hardened-php.net/advisory_132006.138.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:196"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_67_php.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.028.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.php.net/releases/5_2_0.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0730.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0731.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/450431/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/451098/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/453024/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20879"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2006/0061/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.turbolinux.com/security/2006/TLSA-2006-38.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-375-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4317"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4749"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4750"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1546"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29971"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10240"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2006:0730", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "php-0:4.1.2-2.13", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2006-11-06T00:00:00Z"}, {"advisory": "RHSA-2006:0730", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "php-0:4.3.2-37.ent", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2006-11-06T00:00:00Z"}, {"advisory": "RHSA-2006:0730", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "php-0:4.3.9-3.22", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2006-11-06T00:00:00Z"}, {"advisory": "RHSA-2006:0731", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "php-0:5.1.4-1.el4s1.5", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2006-11-10T00:00:00Z"}, {"advisory": "RHSA-2006:0736", "cpe": "cpe:/a:redhat:rhel_stronghold:4.0", "product_name": "Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "release_date": "2006-12-11T00:00:00Z"}], "bugzilla": {"description": "PHP buffer overflow", "id": "213732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=213732"}, "csaw": false, "details": ["Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions."], "name": "CVE-2006-5465", "public_date": "2006-11-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2006-5465\nhttps://nvd.nist.gov/vuln/detail/CVE-2006-5465"], "statement": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "threat_severity": "Important"}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object