Lucene search
PRIOn knowledge basePRION:CVE-2010-3065HistoryAug 20, 2010 - 8:00 p.m.
Default configuration
2010-08-2020:00:00
PRIOn knowledge base
www.prio-n.com
3
The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name.
References
lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
php-security.org/2010/05/31/mops-2010-060-php-session-serializer-session-data-injection-vulnerability/index.html
secunia.com/advisories/42410
www.debian.org/security/2010/dsa-2089
www.redhat.com/support/errata/RHSA-2010-0919.html
www.vupen.com/english/advisories/2010/3081
Related
cvelist
cvelist
CVE-2010-3065
2010-08-20 19:00:00
checkpoint_advisories
checkpoint_advisories
PhpMyAdmin ENV Superglobal Remote Variable Manipulation (CVE-2010-3065)
2014-09-14 00:00:00
PHP Session Serializer Session Data Injection (CVE-2010-3065)
2013-10-20 00:00:00
nvd
nvd
CVE-2010-3065
2010-08-20 20:00:03
ubuntucve
ubuntucve
CVE-2010-3065
2010-08-20 00:00:00
cve
cve
CVE-2010-3065
2010-08-20 20:00:03
veracode
veracode
Authorization Bypass
2020-04-10 00:53:58
thn
thn
threatpost
threatpost
Call for Ban on Vulnerable PHP SuperGlobal Variables
2013-09-09 14:54:04
osv
osv
php5 - several vulnerabilities
2010-08-06 00:00:00
nessus
nessus
Debian DSA-2089-1 : php5 - several vulnerabilities
2010-08-23 00:00:00
Oracle Linux 4 / 5 : php (ELSA-2010-0919)
2013-07-12 00:00:00
CentOS 4 / 5 : php (CESA-2010:0919)
2010-12-02 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2089-1)
2023-03-08 00:00:00
RedHat Update for php RHSA-2010:0919-01
2010-12-09 00:00:00
CentOS Update for php CESA-2010:0919 centos4 i386
2010-12-09 00:00:00
securityvulns
securityvulns
PHP multiple security vulnerabilities
2010-09-27 00:00:00
[USN-989-1] PHP vulnerabilities
2010-09-27 00:00:00
[ GLSA 201110-06 ] PHP: Multiple vulnerabilities
2011-10-12 00:00:00
redhat
redhat
(RHSA-2010:0919) Moderate: php security update
2010-11-29 00:00:00
oraclelinux
oraclelinux
php security update
2010-11-29 00:00:00
centos
centos
php security update
2010-11-30 12:21:14
ubuntu
ubuntu
PHP vulnerabilities
2010-09-20 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2011-10-10 00:00:00