Lucene search

K
nvd[email protected]NVD:CVE-2010-4156
HistoryNov 10, 2010 - 3:00 a.m.

CVE-2010-4156

2010-11-1003:00:02
CWE-20
web.nvd.nist.gov
11
mb_strcut
libmbfl
php 5.3.x through 5.3.3
context-dependent attackers
sensitive information

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

0.012

Percentile

85.5%

The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).

Affected configurations

Nvd
Node
phpphpMatch5.3.0
OR
phpphpMatch5.3.1
OR
phpphpMatch5.3.2
OR
phpphpMatch5.3.3
AND
scottmaclibmbflMatch1.1.0
VendorProductVersionCPE
phpphp5.3.0cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
phpphp5.3.1cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
phpphp5.3.2cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
phpphp5.3.3cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*
scottmaclibmbfl1.1.0cpe:2.3:a:scottmac:libmbfl:1.1.0:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

0.012

Percentile

85.5%