Test Kennung:	1.3.6.1.4.1.25623.1.0.801359
Kategorie:	Web application abuses
Titel:	PHP Multiple Information Disclosure Vulnerabilities
Zusammenfassung:	PHP is prone to multiple information disclosure vulnerabilities.
Beschreibung:	Summary: PHP is prone to multiple information disclosure vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Error in 'trim()', 'ltrim()', 'rtrim()' and 'substr_replace()' functions, which causes a userspace interruption of an internal function within the call time pass by reference feature. - Error in 'parse_str()', 'preg_match()', 'unpack()' and 'pack()' functions, 'ZEND_FETCH_RW()', 'ZEND_CONCAT()', and 'ZEND_ASSIGN_CONCAT()' opcodes, and the 'ArrayObject::uasort' method, trigger memory corruption by causing a userspace interruption of an internal function or handler. Vulnerability Impact: Successful exploitation could allow local attackers to bypass certain security restrictions and to obtain sensitive information. Affected Software/OS: PHP version 5.2 through 5.2.13 and 5.3 through 5.3.2 Solution: Update to PHP version 5.2.14/5.3.3 or later CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2190 HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: SSRT100826 http://www.php-security.org/2010/05/30/mops-2010-047-php-trimltrimrtrim-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/30/mops-2010-048-php-substr_replace-interruption-information-leak-vulnerability/index.html SuSE Security Announcement: SUSE-SR:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html SuSE Security Announcement: SUSE-SR:2010:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html XForce ISS Database: php-substrreplace-info-disclosure(59220) https://exchange.xforce.ibmcloud.com/vulnerabilities/59220 Common Vulnerability Exposure (CVE) ID: CVE-2010-2191 http://www.php-security.org/2010/05/31/mops-2010-049-php-parse_str-interruption-memory-corruption-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-050-php-preg_match-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-051-php-unpack-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-052-php-pack-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-053-php-zend_fetch_rw-opcode-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-054-php-zend_concatzend_assign_concat-opcode-interruption-information-leak-and-memory-corruption-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-055-php-arrayobjectuasort-interruption-memory-corruption-vulnerability/index.html XForce ISS Database: php-parsestr-info-disclosure(59221) https://exchange.xforce.ibmcloud.com/vulnerabilities/59221
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.