National Cyber Awareness System

Vulnerability Summary for CVE-2008-5814

Overview

Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: XF

Name: php-directives-xss(47496)

Hyperlink:http://xforce.iss.net/xforce/xfdb/47496

External Source: VUPEN

Name: ADV-2009-1338

Hyperlink:http://www.vupen.com/english/advisories/2009/1338

External Source: UBUNTU

Name: USN-761-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-761-1

External Source: UBUNTU

Name: USN-761-2

Hyperlink:http://www.ubuntu.com/usn/USN-761-2

External Source: REDHAT

Name: RHSA-2009:0350

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-0350.html

External Source: DEBIAN

Name: DSA-1789

Hyperlink:http://www.debian.org/security/2009/dsa-1789

External Source: SECUNIA

Name: 35108

Hyperlink:http://secunia.com/advisories/35108

External Source: SECUNIA

Name: 35007

Hyperlink:http://secunia.com/advisories/35007

External Source: SECUNIA

Name: 35003

Hyperlink:http://secunia.com/advisories/35003

External Source: SECUNIA

Name: 34933

Hyperlink:http://secunia.com/advisories/34933

External Source: SECUNIA

Name: 34830

Hyperlink:http://secunia.com/advisories/34830

External Source: OVAL

Name: oval:org.mitre.oval:def:10501

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10501

External Source: HP

Name: SSRT090053

Hyperlink:http://marc.info/?l=bugtraq&m=124277349419254&w=2

External Source: HP

Name: SSRT090053

Hyperlink:http://marc.info/?l=bugtraq&m=124277349419254&w=2

External Source: JVNDB

Name: JVNDB-2008-000084

Hyperlink:http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html

External Source: JVN

Name: JVN#50327700

Hyperlink:http://jvn.jp/en/jp/JVN50327700/index.html

External Source: HP

Name: HPSBMA02492

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444

External Source: HP

Name: HPSBMA02492

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444

References to Check Content

Identifier:oval:org.mitre.oval:def:10501

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10501