4.3
CVE-2010-2531
- EPSS 5%
- Veröffentlicht 20.08.2010 22:00:01
- Zuletzt bearbeitet 16.06.2026 23:20:55
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version5.0
Debian ≫ Debian Linux Version6.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5% | 0.911 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://support.apple.com/kb/HT4435
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://secunia.com/advisories/42410
http://support.apple.com/kb/HT4312
http://www.redhat.com/support/errata/RHSA-2010-0919.html
http://www.vupen.com/english/advisories/2010/3081
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://marc.info/?l=bugtraq&m=130331363227777&w=2
http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143
http://www.debian.org/security/2011/dsa-2266
http://www.openwall.com/lists/oss-security/2010/07/13/1
http://www.openwall.com/lists/oss-security/2010/07/16/3
http://www.php.net/archive/2010.php#id2010-07-22-1
http://www.php.net/archive/2010.php#id2010-07-22-2
https://bugzilla.redhat.com/show_bug.cgi?id=617673