Vulnerability Name: | CVE-2010-1915 (CCN-58586) |
Assigned: | 2010-05-09 |
Published: | 2010-05-09 |
Updated: | 2017-08-17 |
Summary: | The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory.
|
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): Low Integrity (I): None Availibility (A): None |
|
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None | Impact Metrics: | Confidentiality (C): Partial Integrity (I): None Availibility (A): None | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Partial Integrity (I): None Availibility (A): None |
|
Vulnerability Type: | CWE-200
|
Vulnerability Consequences: | Obtain Information |
References: | Source: MITRE Type: CNA CVE-2010-1915
Source: SUSE Type: UNKNOWN SUSE-SR:2010:017
Source: SUSE Type: UNKNOWN SUSE-SR:2010:018
Source: CCN Type: MOPS-2010-017 PHP preg_quote() Interruption Information Leak Vulnerability
Source: CCN Type: OSVDB ID: 64608 PHP preg_quote Function Userspace Interruption Memory Disclosure
Source: MISC Type: UNKNOWN http://www.php-security.org/2010/05/09/mops-2010-017-php-preg_quote-interruption-information-leak-vulnerability/index.html
Source: CCN Type: The PHP Group Web site PHP: Hypertext Preprocessor
Source: XF Type: UNKNOWN php-pregquote-information-disclosure(58586)
Source: XF Type: UNKNOWN php-pregquote-information-disclosure(58586)
Source: SUSE Type: SUSE-SR:2010:017 (java-1_4_2-ibm, sudo, libpng, php5, tgt, iscsitarget, aria2, pcsc-lite, tomcat5, tomcat6, lvm2, libvirt, rpm, libtiff, dovecot12)
Source: SUSE Type: SUSE-SR:2010:018 SUSE Security Summary Report
|
Vulnerable Configuration: | Configuration 1: cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.7:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.8:*:*:*:*:*:*:*OR cpe:/a:php:php:5.2.9:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.10:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.11:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.12:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.0:*:*:*:*:*:*:*OR cpe:/a:php:php:5.3.1:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.2:-:*:*:*:*:*:* Configuration CCN 1: cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.7:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.8:*:*:*:*:*:*:*OR cpe:/a:php:php:5.2.9:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.10:-:*:*:*:*:*:*OR cpe:/a:php:php:5.2.11:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.0:*:*:*:*:*:*:*OR cpe:/a:php:php:5.2.12:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.1:-:*:*:*:*:*:*OR cpe:/a:php:php:5.3.2:-:*:*:*:*:*:*
Denotes that component is vulnerable |
Oval Definitions |
|
BACK |