Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2010-3065
HistoryAug 20, 2010 - 8:00 p.m.

CVE-2010-3065

2010-08-2020:00:00
CWE-264
[email protected]
web.nvd.nist.gov
42
php
session serializer
cve-2010-3065
security vulnerability
context-dependent attackers

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.3%

JSON

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name.

Related

checkpoint_advisories 2
prion 1
ubuntucve 1
veracode 1
thn 2
threatpost 1
nessus 14
openvas 16
securityvulns 3
osv 1
redhat 1
oraclelinux 1
centos 1
ubuntu 1
gentoo 1
checkpoint_advisories
checkpoint_advisories
PhpMyAdmin ENV Superglobal Remote Variable Manipulation (CVE-2010-3065)
2014-09-14 00:00:00
PHP Session Serializer Session Data Injection (CVE-2010-3065)
2013-10-20 00:00:00
prion
prion
Default configuration
2010-08-20 20:00:00
ubuntucve
ubuntucve
CVE-2010-3065
2010-08-20 00:00:00
veracode
veracode
Authorization Bypass
2020-04-10 00:53:58
thn
thn
Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers
2013-09-09 17:45:00
Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers
2013-09-09 06:45:00
threatpost
threatpost
Call for Ban on Vulnerable PHP SuperGlobal Variables
2013-09-09 14:54:04
nessus
nessus
Debian DSA-2089-1 : php5 - several vulnerabilities
2010-08-23 00:00:00
Scientific Linux Security Update : php on SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
RHEL 4 / 5 : php (RHSA-2010:0919)
2010-11-30 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2089-1)
2023-03-08 00:00:00
RedHat Update for php RHSA-2010:0919-01
2010-12-09 00:00:00
CentOS Update for php CESA-2010:0919 centos5 i386
2011-08-09 00:00:00
securityvulns
securityvulns
PHP multiple security vulnerabilities
2010-09-27 00:00:00
[USN-989-1] PHP vulnerabilities
2010-09-27 00:00:00
[ GLSA 201110-06 ] PHP: Multiple vulnerabilities
2011-10-12 00:00:00
osv
osv
php5 - several vulnerabilities
2010-08-06 00:00:00
redhat
redhat
(RHSA-2010:0919) Moderate: php security update
2010-11-29 00:00:00
oraclelinux
oraclelinux
php security update
2010-11-29 00:00:00
centos
centos
php security update
2010-11-30 12:21:14
ubuntu
ubuntu
PHP vulnerabilities
2010-09-20 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2011-10-10 00:00:00

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.3%

JSON
Related for CVE-2010-3065
checkpoint_advisories2prion1ubuntucve1veracode1thn2threatpost1nessus14openvas16securityvulns3osv1redhat1oraclelinux1centos1ubuntu1gentoo1