CVE-2004-0958

Sažetak

php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.

Reference

http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0053.html
http://marc.info/?l=bugtraq&m=109527531130492&w=2
http://secunia.com/advisories/12560/
http://securitytracker.com/id?1011279
http://www.redhat.com/support/errata/RHSA-2004-687.html
https://bugzilla.fedora.us/show_bug.cgi?id=2344
https://exchange.xforce.ibmcloud.com/vulnerabilities/17393
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10863

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-10-2017 - 01:29

Objavljeno

03-11-2004 - 05:00