Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-2100
HistoryMay 27, 2010 - 12:00 a.m.

CVE-2010-2100

2010-05-2700:00:00
ubuntu.com
ubuntu.com
1

9.6 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.9%

The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4)
http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through
5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain
sensitive information (memory contents) by causing a userspace interruption
of an internal function, related to the call time pass by reference
feature.

Notes

Author Note
mdeslaur see CVE-2010-1864 for patch interruption issue, safe_mode - open_basedir bypass, ignoring This is MOPS-2010-036 to MOPS-2010-040

9.6 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.9%