VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-2531
php: The var_export function in PHP 5.2 before 5.2.14 an...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2531

Original

The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.

About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-08-20
Source Information Category:
Advisory, Alert
Last Updated:
2010-08-23




Affected Product Tags
cpe:/a:php:php:5.2.0
cpe:/a:php:php:5.2.1
cpe:/a:php:php:5.2.10
cpe:/a:php:php:5.2.11
cpe:/a:php:php:5.2.12
cpe:/a:php:php:5.2.13
cpe:/a:php:php:5.2.2
cpe:/a:php:php:5.2.3
cpe:/a:php:php:5.2.4
cpe:/a:php:php:5.2.5
cpe:/a:php:php:5.2.6
cpe:/a:php:php:5.2.8
cpe:/a:php:php:5.2.9
cpe:/a:php:php:5.3.0
cpe:/a:php:php:5.3.1
cpe:/a:php:php:5.3.2
 


Vulnerability Analysis Results
(X marks the selected value for each metric.)

[Access Vector]
Undefined
Local
Adjacent Network
X Network

[Access Complexity]
Undefined
High
X Medium
Low

[Authentication]
Undefined
Multiple
Single
X None

[Confidentiality Impact]
Undefined
None
X Partial
Complete

[Integrity Impact]
Undefined
X None
Partial
Complete

[Availability Impact]
Undefined
X None
Partial
Complete

Alternatives




References
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=617673
CONFIRM http://www.php.net/archive/2010.php#id2010-07-22-2
CONFIRM http://www.php.net/archive/2010.php#id2010-07-22-1
CONFIRM http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143
MLIST [oss-security] 20100716 Re: Re: CVE request, php var_export
MLIST [oss-security] 20100713 CVE request, php var_export

Vulnerability Type: Information Leak / Disclosure (CWE-200)





Copyright © 2010 JPCERT/CC All Rights Reserved.