Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2010-3065
HistoryAug 20, 2010 - 8:00 p.m.

CVE-2010-3065

2010-08-2020:00:03
CWE-264
[email protected]
web.nvd.nist.gov
7

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

9.4

Confidence

High

EPSS

0.005

Percentile

75.7%

JSON

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name.

Affected configurations

Nvd
Node
phpphpMatch5.2.0
OR
phpphpMatch5.2.1
OR
phpphpMatch5.2.2
OR
phpphpMatch5.2.3
OR
phpphpMatch5.2.4
OR
phpphpMatch5.2.5
OR
phpphpMatch5.2.6
OR
phpphpMatch5.2.7
OR
phpphpMatch5.2.8
OR
phpphpMatch5.2.9
OR
phpphpMatch5.2.10
OR
phpphpMatch5.2.11
OR
phpphpMatch5.2.12
OR
phpphpMatch5.2.13
OR
phpphpMatch5.3.0
OR
phpphpMatch5.3.1
OR
phpphpMatch5.3.2

Related

checkpoint_advisories 2
cvelist 1
prion 1
ubuntucve 1
cve 1
veracode 1
thn 2
threatpost 1
nessus 14
securityvulns 3
openvas 16
osv 1
redhat 1
centos 1
oraclelinux 1
ubuntu 1
gentoo 1
checkpoint_advisories
checkpoint_advisories
PhpMyAdmin ENV Superglobal Remote Variable Manipulation (CVE-2010-3065)
2014-09-14 00:00:00
PHP Session Serializer Session Data Injection (CVE-2010-3065)
2013-10-20 00:00:00
cvelist
cvelist
CVE-2010-3065
2010-08-20 19:00:00
prion
prion
Default configuration
2010-08-20 20:00:00
ubuntucve
ubuntucve
CVE-2010-3065
2010-08-20 00:00:00
cve
cve
CVE-2010-3065
2010-08-20 20:00:03
veracode
veracode
Authorization Bypass
2020-04-10 00:53:58
thn
thn
Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers
2013-09-09 17:45:00
Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers
2013-09-09 06:45:00
threatpost
threatpost
Call for Ban on Vulnerable PHP SuperGlobal Variables
2013-09-09 14:54:04
nessus
nessus
Debian DSA-2089-1 : php5 - several vulnerabilities
2010-08-23 00:00:00
CentOS 4 / 5 : php (CESA-2010:0919)
2010-12-02 00:00:00
RHEL 4 / 5 : php (RHSA-2010:0919)
2010-11-30 00:00:00
securityvulns
securityvulns
PHP multiple security vulnerabilities
2010-09-27 00:00:00
[USN-989-1] PHP vulnerabilities
2010-09-27 00:00:00
[ GLSA 201110-06 ] PHP: Multiple vulnerabilities
2011-10-12 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2089-1)
2023-03-08 00:00:00
CentOS Update for php CESA-2010:0919 centos5 i386
2011-08-09 00:00:00
Oracle: Security Advisory (ELSA-2010-0919)
2015-10-06 00:00:00
osv
osv
php5 - several vulnerabilities
2010-08-06 00:00:00
redhat
redhat
(RHSA-2010:0919) Moderate: php security update
2010-11-29 00:00:00
centos
centos
php security update
2010-11-30 12:21:14
oraclelinux
oraclelinux
php security update
2010-11-29 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2010-09-20 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2011-10-10 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

9.4

Confidence

High

EPSS

0.005

Percentile

75.7%

JSON
Related for NVD:CVE-2010-3065
checkpoint_advisories2cvelist1prion1ubuntucve1cve1veracode1thn2threatpost1nessus14securityvulns3openvas16osv1redhat1centos1oraclelinux1ubuntu1gentoo1