CVE-2010-2531

2010-08-2000:00:00

ubuntu.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.018 Low

EPSS

Percentile

88.4%

JSON

The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3
flushes the output buffer to the user when certain fatal errors occur, even
if display_errors is off, which allows remote attackers to obtain sensitive
information by causing the application to exceed limits for memory,
execution time, or recursion.

Bugs

<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2531>

Notes

Author	Note
kees	5.2.14 and 5.3.3

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchphp5< 5.1.2-1ubuntu3.19UNKNOWN
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.12UNKNOWN
ubuntu9.04noarchphp5< 5.2.6.dfsg.1-3ubuntu4.6UNKNOWN
ubuntu9.10noarchphp5< 5.2.10.dfsg.1-2ubuntu6.5UNKNOWN
ubuntu10.04noarchphp5< 5.3.2-1ubuntu4.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	php5	< 5.1.2-1ubuntu3.19	UNKNOWN
ubuntu	8.04	noarch	php5	< 5.2.4-2ubuntu5.12	UNKNOWN
ubuntu	9.04	noarch	php5	< 5.2.6.dfsg.1-3ubuntu4.6	UNKNOWN
ubuntu	9.10	noarch	php5	< 5.2.10.dfsg.1-2ubuntu6.5	UNKNOWN
ubuntu	10.04	noarch	php5	< 5.3.2-1ubuntu4.5	UNKNOWN