Bug 172213 - CVE-2005-3388 PHP phpinfo() XSS attack
Summary: CVE-2005-3388 PHP phpinfo() XSS attack
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: php
Version: 4
Hardware: All
OS: Linux
Priority: medium
Severity: low
Target Milestone: ---
Assignee: Joe Orton
QA Contact: David Lawrence
URL:
Whiteboard: impact=low,public=20051031,source=ful...
Depends On:
Blocks:
Reported: 2005-11-01 16:29 UTC by Josh Bressers
Modified: 2020-06-23 01:20 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-11-25 12:49:06 UTC
Type: ---



Description Josh Bressers 2005-11-01 16:29:43 UTC
+++ This bug was initially created as a clone of Bug #172212 +++

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up
to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web
script or HTML via a crafted URL with a "stacked array assignment."

http://www.hardened-php.net/advisory_182005.77.html

This issue should also affect FC3

Comment 1 Joe Orton 2005-11-25 12:49:06 UTC
Fixed in FEDORA-2005-1062/FEDORA-2005-1061.

Comment 2 Fedora Update System 2020-06-16 23:42:35 UTC
FEDORA-2020-fb144e7de5 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-fb144e7de5

Comment 3 Fedora Update System 2020-06-18 14:13:40 UTC
FEDORA-2020-fb144e7de5 has been pushed to the Fedora 32 testing repository.
In a short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-fb144e7de5`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-fb144e7de5

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 4 Fedora Update System 2020-06-23 01:20:53 UTC
FEDORA-2020-fb144e7de5 has been pushed to the Fedora 32 stable repository.
If the problem still persists, please make note of it in this bug report.

