VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-1915
php: The preg_quote function in PHP 5.2 through 5.2.13 a...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1915

Original

The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-05-12
Source Information Category:
Advisory, Alert
Last Updated:
2010-05-12




Affected Product Tags
cpe:/a:php:php:5.2.0
cpe:/a:php:php:5.2.1
cpe:/a:php:php:5.2.10
cpe:/a:php:php:5.2.11
cpe:/a:php:php:5.2.12
cpe:/a:php:php:5.2.2
cpe:/a:php:php:5.2.3
cpe:/a:php:php:5.2.4
cpe:/a:php:php:5.2.5
cpe:/a:php:php:5.2.6
cpe:/a:php:php:5.2.7
cpe:/a:php:php:5.2.8
cpe:/a:php:php:5.2.9
cpe:/a:php:php:5.3.0
cpe:/a:php:php:5.3.1
cpe:/a:php:php:5.3.2
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
MISC http://www.php-security.org/2010/05/09/mops-2010-017-php-preg_quote-interruption-information-leak-vulnerability/index.html




Vulnerability Type Information Leak / Disclosure (CWE-200)




Copyright © 2010 JPCERT/CC All Rights Reserved.