CVE-2010-2531

Executive Summary

Informations
Name	CVE-2010-2531	First vendor Publication	2010-08-20
Vendor	Cve	Last vendor Modification	2011-08-26

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2531

CWE : Common Weakness Enumeration

id	Name
CWE-200	Information Exposure

CPE : Common Platform Enumeration

Type	Description	Count
Application	Php Php cpe:/a:php:php:5.3.2 cpe:/a:php:php:5.3.1 cpe:/a:php:php:5.3.0 cpe:/a:php:php:5.2.9 cpe:/a:php:php:5.2.8 cpe:/a:php:php:5.2.6 cpe:/a:php:php:5.2.5 cpe:/a:php:php:5.2.4 cpe:/a:php:php:5.2.3 cpe:/a:php:php:5.2.2 cpe:/a:php:php:5.2.13 cpe:/a:php:php:5.2.12 cpe:/a:php:php:5.2.11 cpe:/a:php:php:5.2.10 cpe:/a:php:php:5.2.1 cpe:/a:php:php:5.2.0	16

Open Source Vulnerability Database (OSVDB)

id	Description
66805	PHP var_export() Function Fata Error Information Disclosure

Internal Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
CONFIRM	http://support.apple.com/kb/HT4312 http://support.apple.com/kb/HT4435 http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functi... http://www.php.net/archive/2010.php#id2010-07-22-1 http://www.php.net/archive/2010.php#id2010-07-22-2 https://bugzilla.redhat.com/show_bug.cgi?id=617673
DEBIAN	http://www.debian.org/security/2011/dsa-2266
HP	http://marc.info/?l=bugtraq&m=130331363227777&w=2 http://marc.info/?l=bugtraq&m=130331363227777&w=2
MLIST	http://www.openwall.com/lists/oss-security/2010/07/13/1 http://www.openwall.com/lists/oss-security/2010/07/16/3
REDHAT	http://www.redhat.com/support/errata/RHSA-2010-0919.html
SECUNIA	http://secunia.com/advisories/42410
SUSE	http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
VUPEN	http://www.vupen.com/english/advisories/2010/3081

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:28:15	Multiple Updates

Type	Count
CPE ID(s)	16
osvdb(s)	1

Related	Severity
HPSBMA02662 SSR...	(Critical)
GLSA-201110-06	(Critical)
USN-989-1	(High)
MDVSA-2010:140	(High)
MDVSA-2010:139	(High)
HPSBOV02763 SSR...	(High)
DSA-2266	(High)
DSA-2262	(High)
RHSA-2010:0919	(Medium)