| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.8 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, has been found in PHP up to 5.1.3-RC1. This vulnerability affects the function html_entity_decode. Performing a manipulation results in denial of service.
This vulnerability is known as CVE-2006-1490. Furthermore, an exploit is available.
It is advisable to upgrade the affected component.
Details
A vulnerability classified as critical has been found in PHP up to 5.1.3-RC1 (Programming Language Software). This affects the function html_entity_decode. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on confidentiality. The summary by CVE is:
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
The bug was discovered 03/28/2006. The weakness was published 03/28/2006 by Tõnu Samuel (Full-Disclosure). It is possible to read the advisory at archives.neohapsis.com. This vulnerability is uniquely identified as CVE-2006-1490 since 03/29/2006. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details and a public exploit are known.
The exploit is shared for download at exploit-db.com. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 21178 (Mandrake Linux Security Advisory : php (MDKSA-2006:063)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Mandriva Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 117727 (CentOS Security Update for PHP (CESA-2006:0276)).
Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at php.net. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published 5 days after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (25508), Exploit-DB (27508), Tenable (21178), SecurityFocus (BID 17296†) and OSVDB (24248†). Further details are available at news.com.com. Similar entries are available at VDB-2577, VDB-27156 and VDB-32001. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Name
Version
License
Website
- Product: https://www.php.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 4.8
VulDB Base Score: 5.3
VulDB Temp Score: 4.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 21178
Nessus Name: Mandrake Linux Security Advisory : php (MDKSA-2006:063)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 56723
OpenVAS Name: Gentoo Security Advisory GLSA 200605-08 (php)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: php.net
Timeline
03/28/2006 🔍03/28/2006 🔍
03/29/2006 🔍
03/29/2006 🔍
03/29/2006 🔍
03/29/2006 🔍
03/29/2006 🔍
03/30/2006 🔍
04/02/2006 🔍
04/04/2006 🔍
04/09/2006 🔍
04/10/2006 🔍
06/14/2025 🔍
Sources
Product: php.orgAdvisory: archives.neohapsis.com
Researcher: Tõnu Samuel
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2006-1490 (🔍)
GCVE (CVE): GCVE-0-2006-1490
GCVE (VulDB): GCVE-100-2115
OVAL: 🔍
X-Force: 25508 - PHP html_entity_decode information disclosure, Low Risk
SecurityFocus: 17296 - PHP Html_Entity_Decode() Information Disclosure Vulnerability
Secunia: 19570 - Trustix updates for multiple packages, Highly Critical
OSVDB: 24248 - PHP html_entity_decode() Function Memory Content Disclosure
Vulnerability Center: 10959 - PHP Memory Contents Disclosure via html_entity_decode() Function, Medium
Vupen: ADV-2006-1149
scip Labs: https://www.scip.ch/en/?labs.20161013
Misc.: 🔍
See also: 🔍
Entry
Created: 03/30/2006 11:22Updated: 06/14/2025 02:08
Changes: 03/30/2006 11:22 (100), 06/16/2019 11:42 (2), 06/14/2025 02:08 (22)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.