Your submission was sent successfully! Close

CVE-2008-5814

Published: 2 January 2009

Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.

Priority

Low

Status

Package Release Status
php4
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
gutsy Does not exist

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

upstream Needs triage

php5
Launchpad, Ubuntu, Debian
dapper
Released (5.1.2-1ubuntu3.14)
gutsy Needed
(reached end-of-life)
hardy
Released (5.2.4-2ubuntu5.6)
intrepid
Released (5.2.6-2ubuntu4.2)
jaunty
Released (5.2.6.dfsg.1-3ubuntu4.1)
karmic Not vulnerable
(5.2.10.dfsg.1-1ubuntu1)
upstream
Released (5.2.10.dfsg.1-1ubuntu1)
Patches:
upstream: http://viewcvs.php.net/viewvc.cgi/php-src/ext/standard/head.c?r1=1.84.2.1.2.8&r2=1.84.2.1.2.9&pathrev=PHP_5_2

Notes

AuthorNote
jdstrand
verified 5.2.10.dfsg.1-1ubuntu1 in 9.10 is not affected by
looking at the source package

References