Vulnerability CVE-2010-2101 - CERT Civis.Net

Vulnerability Name:

CVE-2010-2101 (CCN-59077)

Assigned:

2010-05-26

Published:

2010-05-26

Updated:

2016-08-23

Summary:

The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2010-2101

Source: SUSE
Type: UNKNOWN
SUSE-SR:2010:017

Source: SUSE
Type: UNKNOWN
SUSE-SR:2010:018

Source: HP
Type: UNKNOWN
SSRT100826

Source: CCN
Type: MOPS-2010-041
PHP strip_tags() Interruption Information Leak Vulnerability

Source: MISC
Type: Exploit
http://php-security.org/2010/05/26/mops-2010-041-php-strip_tags-interruption-information-leak-vulnerability/index.html

Source: CCN
Type: MOPS-2010-042
PHP setcookie() Interruption Information Leak Vulnerability

Source: MISC
Type: Exploit
http://php-security.org/2010/05/26/mops-2010-042-php-setcookie-interruption-information-leak-vulnerability/index.html

Source: CCN
Type: MOPS-2010-043
PHP strtok() Interruption Information Leak Vulnerability

Source: MISC
Type: Exploit
http://php-security.org/2010/05/26/mops-2010-043-php-strtok-interruption-information-leak-vulnerability/index.html

Source: CCN
Type: MOPS-2010-044
PHP wordwrap() Interruption Information Leak Vulnerability

Source: MISC
Type: Exploit
http://php-security.org/2010/05/26/mops-2010-044-php-wordwrap-interruption-information-leak-vulnerability/index.html

Source: CCN
Type: MOPS-2010-045
PHP str_word_count() Interruption Information Leak Vulnerability

Source: MISC
Type: Exploit
http://php-security.org/2010/05/26/mops-2010-045-php-str_word_count-interruption-information-leak-vulnerability/index.html

Source: CCN
Type: MOPS-2010-046
PHPs str_pad() function can be abused for information leak attacks, because of the call time pass by reference feature.

Source: MISC
Type: Exploit
http://php-security.org/2010/05/26/mops-2010-046-php-str_pad-interruption-information-leak-vulnerability/index.html

Source: CCN
Type: PHP Web site
PHP: Hypertext Preprocessor

Source: CCN
Type: OSVDB ID: 66096
PHP wordwrap Function Userspace Interuption Arbitrary Memory Content Disclosure

Source: CCN
Type: OSVDB ID: 66097
PHP strip_tags Function Userspace Interuption Arbitrary Memory Content Disclosure

Source: CCN
Type: OSVDB ID: 66098
PHP setcookie Function Userspace Interuption Arbitrary Memory Content Disclosure

Source: XF
Type: UNKNOWN
php-userspace-info-disclosure(59077)

Source: SUSE
Type: SUSE-SR:2010:017
(java-1_4_2-ibm, sudo, libpng, php5, tgt, iscsitarget, aria2, pcsc-lite, tomcat5, tomcat6, lvm2, libvirt, rpm, libtiff, dovecot12)

Source: SUSE
Type: SUSE-SR:2010:018
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.10:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.11:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.12:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.13:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.2:-:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.10:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.11:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.12:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.3.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.13:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20102101	V	CVE-2010-2101	2015-11-16