Veracode Vulnerability DatabaseVERACODE:24427Information Disclosure
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
php is vulnerable to information disclosure. The vulnerability exists as an information leak flaw was discovered in the PHP var_export() function implementation. If some fatal error occurred during the execution of this function (such as the exhaustion of memory or script execution time limit), part of the function’s output was sent to the user as script output, possibly leading to the disclosure of sensitive information.
References
lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
marc.info/?l=bugtraq&m=130331363227777&w=2
marc.info/?l=bugtraq&m=133469208622507&w=2
secunia.com/advisories/42410
support.apple.com/kb/HT4312
support.apple.com/kb/HT4435
svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143
www.debian.org/security/2011/dsa-2266
www.openwall.com/lists/oss-security/2010/07/13/1
www.openwall.com/lists/oss-security/2010/07/16/3
www.php.net/archive/2010.php#id2010-07-22-1
www.php.net/archive/2010.php#id2010-07-22-2
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2010-0919.html
www.vupen.com/english/advisories/2010/3081
access.redhat.com/errata/RHSA-2010:0919
bugzilla.redhat.com/show_bug.cgi?id=617673
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N