| Vulnerability Name: | CVE-2010-2531 (CCN-60742) | ||||||||||||||||||||||||||||||||
| Assigned: | 2010-07-09 | ||||||||||||||||||||||||||||||||
| Published: | 2010-07-09 | ||||||||||||||||||||||||||||||||
| Updated: | 2023-01-19 | ||||||||||||||||||||||||||||||||
| Summary: | The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion. | ||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2010-2531 Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com Source: CCN Type: RHSA-2010-0919 Moderate: php security update Source: CCN Type: Apple Web site About Security Update 2010-005 Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Vendor Advisory secalert@redhat.com Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: DEBIAN Type: DSA-2266 php5 -- several vulnerabilities Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Mailing List, Third Party Advisory secalert@redhat.com Source: CCN Type: OSVDB ID: 66805 PHP var_export() Function Fata Error Information Disclosure Source: CCN Type: PHP Web site PHP: Hypertext Preprocessor Source: secalert@redhat.com Type: Vendor Advisory secalert@redhat.com Source: secalert@redhat.com Type: Vendor Advisory secalert@redhat.com Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: CCN Type: BID-41991 PHP Versions Prior to 5.3.3/5.2.14 Multiple Vulnerabilities Source: secalert@redhat.com Type: Permissions Required secalert@redhat.com Source: CCN Type: Red Hat Bugzilla Bug 617673 CVE-2010-2531 php: information leak vulnerability in var_export() Source: secalert@redhat.com Type: Issue Tracking, Third Party Advisory secalert@redhat.com Source: XF Type: UNKNOWN php-varexport-info-disclosure(60742) Source: SUSE Type: SUSE-SR:2010:017 (java-1_4_2-ibm, sudo, libpng, php5, tgt, iscsitarget, aria2, pcsc-lite, tomcat5, tomcat6, lvm2, libvirt, rpm, libtiff, dovecot12) Source: SUSE Type: SUSE-SR:2010:018 SUSE Security Summary Report | ||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||