Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-3870
HistoryNov 12, 2010 - 12:00 a.m.

CVE-2010-3870

2010-11-1200:00:00
ubuntu.com
ubuntu.com
9

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.005

Percentile

75.2%

The utf8_decode function in PHP before 5.3.4 does not properly handle
non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data,
which makes it easier for remote attackers to bypass cross-site scripting
(XSS) and SQL injection protection mechanisms via a crafted string.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchphp5< 5.1.2-1ubuntu3.20UNKNOWN
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.13UNKNOWN
ubuntu9.10noarchphp5< 5.2.10.dfsg.1-2ubuntu6.6UNKNOWN
ubuntu10.04noarchphp5< 5.3.2-1ubuntu4.6UNKNOWN
ubuntu10.10noarchphp5< 5.3.3-1ubuntu9.2UNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.005

Percentile

75.2%