Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2010-4156 | First vendor Publication | 2010-11-09 |
| Vendor | Cve | Last vendor Modification | 2011-05-04 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter). |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4156 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-07-30 | Name : CentOS Update for php53 CESA-2011:0196 centos5 x86_64 File : nvt/gb_CESA-2011_0196_php53_centos5_x86_64.nasl |
| 2012-06-21 | Name : PHP version smaller than 5.3.4 File : nvt/nopsec_php_5_3_4.nasl |
| 2011-08-09 | Name : CentOS Update for php53 CESA-2011:0196 centos5 i386 File : nvt/gb_CESA-2011_0196_php53_centos5_i386.nasl |
| 2011-05-02 | Name : HP System Management Homepage Multiple Vulnerabilities File : nvt/secpod_hp_smh_mult_vuln_apr11.nasl |
| 2011-02-04 | Name : RedHat Update for php53 RHSA-2011:0196-01 File : nvt/gb_RHSA-2011_0196-01_php53.nasl |
| 2011-01-14 | Name : Ubuntu Update for php5 regression USN-1042-2 File : nvt/gb_ubuntu_USN_1042_2.nasl |
| 2011-01-14 | Name : Ubuntu Update for php5 vulnerabilities USN-1042-1 File : nvt/gb_ubuntu_USN_1042_1.nasl |
| 2011-01-11 | Name : Fedora Update for php FEDORA-2010-19011 File : nvt/gb_fedora_2010_19011_php_fc13.nasl |
| 2011-01-11 | Name : Fedora Update for php-eaccelerator FEDORA-2010-19011 File : nvt/gb_fedora_2010_19011_php-eaccelerator_fc13.nasl |
| 2011-01-11 | Name : Fedora Update for maniadrive FEDORA-2010-19011 File : nvt/gb_fedora_2010_19011_maniadrive_fc13.nasl |
| 2011-01-11 | Name : Fedora Update for php FEDORA-2010-18976 File : nvt/gb_fedora_2010_18976_php_fc14.nasl |
| 2011-01-11 | Name : Fedora Update for php-eaccelerator FEDORA-2010-18976 File : nvt/gb_fedora_2010_18976_php-eaccelerator_fc14.nasl |
| 2011-01-11 | Name : Fedora Update for maniadrive FEDORA-2010-18976 File : nvt/gb_fedora_2010_18976_maniadrive_fc14.nasl |
| 2010-11-16 | Name : Mandriva Update for libmbfl MDVSA-2010:225 (libmbfl) File : nvt/gb_mandriva_MDVSA_2010_225.nasl |
| 2010-11-16 | Name : Mandriva Update for libmbfl MDVSA-2010:225-1 (libmbfl) File : nvt/gb_mandriva_MDVSA_2010_225_1.nasl |
| 2010-11-09 | Name : PHP 'mb_strcut()' Function Information Disclosure Vulnerability File : nvt/gb_php_44727.nasl |
| 2010-10-01 | Name : PHP 'phar_stream_flush' Format String Vulnerability File : nvt/secpod_php_format_string_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 69099 | PHP ext/mbstring/libmbfl/mbfl/mbfilter.c mb_strcut() Function length Paramete... PHP contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered due to an error in 'mbfl_strcut()' in 'ext/mbstring/libmbfl/mbfl/mbfilter.c', which may be exploited by passing a large 'length' parameter to the 'mb_strcut' function, which will disclose potentially sensitive information to a remote attacker. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0196.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110203_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2011-04-22 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_6_3_0_22.nasl - Type : ACT_GATHER_INFO |
| 2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0196.nasl - Type : ACT_GATHER_INFO |
| 2011-02-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0196.nasl - Type : ACT_GATHER_INFO |
| 2011-01-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1042-2.nasl - Type : ACT_GATHER_INFO |
| 2011-01-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1042-1.nasl - Type : ACT_GATHER_INFO |
| 2011-01-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-18976.nasl - Type : ACT_GATHER_INFO |
| 2011-01-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-19011.nasl - Type : ACT_GATHER_INFO |
| 2010-12-13 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_3_4.nasl - Type : ACT_GATHER_INFO |
| 2010-11-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-225.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2020-05-23 00:26:51 |
|
| 2019-06-08 12:03:27 |
|
| 2016-06-28 18:22:14 |
|
| 2016-04-26 20:13:12 |
|
| 2014-02-17 10:58:29 |
|
| 2013-05-10 23:36:26 |
|
