Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2010-1866First vendor Publication2010-05-07
VendorCveLast vendor Modification2010-09-30

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1866

CWE : Common Weakness Enumeration

idName
CWE-189Numeric Errors (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application3

OpenVAS Exploits

DateDescription
2012-02-12Name : Gentoo Security Advisory GLSA 201110-06 (php)
File : nvt/glsa_201110_06.nasl
2010-09-22Name : Ubuntu Update for php5 vulnerabilities USN-989-1
File : nvt/gb_ubuntu_USN_989_1.nasl
2010-05-04Name : PHP 'php_dechunk()' HTTP Chunked Encoding Integer Overflow Vulnerability
File : nvt/gb_php_39877.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
64527PHP Dechunk Filter Negative Chunk Size Signed Comparison Bypass DoS

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_apache2-mod_php5-100812.nasl - Type : ACT_GATHER_INFO
2011-10-12Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-06.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php5-100805.nasl - Type : ACT_GATHER_INFO
2010-09-21Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-989-1.nasl - Type : ACT_GATHER_INFO
2010-09-13Name : The remote openSUSE host is missing a security update.
File : suse_11_2_apache2-mod_php5-100813.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
MISChttp://php-security.org/2010/05/02/mops-2010-003-php-dechunk-filter-signed-co...
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-06-14 13:28:47
  • Multiple Updates
2014-02-17 10:55:30
  • Multiple Updates
2013-05-10 23:25:00
  • Multiple Updates