Lucene search

PRIOn knowledge basePRION:CVE-2011-0752

HistoryFeb 02, 2011 - 10:00 p.m.

Design/Logic Flaw

2011-02-0222:00:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.7%

JSON

The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.

CPENameOperatorVersion
phpeq4.3.9
phpeq4.4.9
phpeq3.0
phpeq5.2.9
phpeq4.0 beta1
phpeq3.0.5
phpeq3.0.11
phpeq5.1.5
phpeq5.1.2
phpeq4.0 beta4

Name	Operator	Version
php	eq	4.3.9
php	eq	4.4.9
php	eq	3.0
php	eq	5.2.9
php	eq	4.0 beta1
php	eq	3.0.5
php	eq	3.0.11
php	eq	5.1.5
php	eq	5.1.2
php	eq	4.0 beta4

Rows per page:

1-10 of 991

References

www.openwall.com/lists/oss-security/2010/12/13/4

www.php.net/archive/2010.php

www.php.net/ChangeLog-5.php

www.php.net/releases/5_2_15.php

exchange.xforce.ibmcloud.com/vulnerabilities/65432

marc.info/?l=bugtraq&m=133469208622507&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12016

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.7%

JSON

Related for PRION:CVE-2011-0752