4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.018 Low
EPSS
Percentile
88.4%
The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3
flushes the output buffer to the user when certain fatal errors occur, even
if display_errors is off, which allows remote attackers to obtain sensitive
information by causing the application to exceed limits for memory,
execution time, or recursion.
Author | Note |
---|---|
kees | 5.2.14 and 5.3.3 |