The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.
References
Configurations
History
19 Jan 2023, 16:39
Type | Values Removed | Values Added |
---|---|---|
References | (SECUNIA) http://secunia.com/advisories/42410 - Broken Link | |
References | (CONFIRM) http://support.apple.com/kb/HT4312 - Third Party Advisory | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=617673 - Issue Tracking, Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2010-0919.html - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143 - Vendor Advisory | |
References | (CONFIRM) http://www.php.net/archive/2010.php#id2010-07-22-2 - Vendor Advisory | |
References | (DEBIAN) http://www.debian.org/security/2011/dsa-2266 - Third Party Advisory | |
References | (HP) http://marc.info/?l=bugtraq&m=133469208622507&w=2 - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) http://www.php.net/archive/2010.php#id2010-07-22-1 - Vendor Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) http://support.apple.com/kb/HT4435 - Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2010/07/16/3 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2010/07/13/1 - Mailing List, Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2010/3081 - Permissions Required | |
References | (HP) http://marc.info/?l=bugtraq&m=130331363227777&w=2 - Mailing List, Third Party Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html - Mailing List, Third Party Advisory | |
First Time |
Debian
Debian debian Linux |
|
CPE | cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:* |
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:*:*:*:*:*:*:*:* |
Information
Published : 2010-08-20 22:00
Updated : 2023-12-10 11:03
NVD link : CVE-2010-2531
Mitre link : CVE-2010-2531
CVE.ORG link : CVE-2010-2531
JSON object : View
Products Affected
debian
- debian_linux
php
- php
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor