Information Disclosure

2019-05-0205:04:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

JSON

php is vulnerable to information disclosure. The vulnerability exists as the phpinfo implementation in ext/standard/info.c does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF.

CPENameOperatorVersion
php54-phpeq5.4.16__16.el6
php54-phpeq5.4.16__7.el6
php54-phpeq5.4.16__7.el6.1
php53eq5.3.3__1.el5_6.1
php53eq5.3.3__1.el5_7.5
php53eq5.3.3__13.el5_8
php53eq5.3.3__1.el5
php53eq5.3.3__22.el5_10
php53eq5.3.3__13.el5_9.1
php53eq5.3.3__1.el5_7.6

Name	Operator	Version
php54-php	eq	5.4.16__16.el6
php54-php	eq	5.4.16__7.el6
php54-php	eq	5.4.16__7.el6.1
php53	eq	5.3.3__1.el5_6.1
php53	eq	5.3.3__1.el5_7.5
php53	eq	5.3.3__13.el5_8
php53	eq	5.3.3__1.el5
php53	eq	5.3.3__22.el5_10
php53	eq	5.3.3__13.el5_9.1
php53	eq	5.3.3__1.el5_7.6