CVE-2010-2101

The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
phpphp
5.2.7
phpphp
5.2.8
phpphp
5.2.9
phpphp
5.2.10
phpphp
5.2.11
phpphp
5.2.12
phpphp
5.2.13
phpphp
5.3.0
phpphp
5.3.1
phpphp
5.3.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
lucid
ignored
karmic
ignored
jaunty
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://php-security.org/2010/05/26/mops-2010-041-php-strip_tags-interruption-information-leak-vulnerability/index.html
http://php-security.org/2010/05/26/mops-2010-042-php-setcookie-interruption-information-leak-vulnerability/index.html
http://php-security.org/2010/05/26/mops-2010-043-php-strtok-interruption-information-leak-vulnerability/index.html
http://php-security.org/2010/05/26/mops-2010-044-php-wordwrap-interruption-information-leak-vulnerability/index.html
http://php-security.org/2010/05/26/mops-2010-045-php-str_word_count-interruption-information-leak-vulnerability/index.html
http://php-security.org/2010/05/26/mops-2010-046-php-str_pad-interruption-information-leak-vulnerability/index.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://php-security.org/2010/05/26/mops-2010-041-php-strip_tags-interruption-information-leak-vulnerability/index.html
http://php-security.org/2010/05/26/mops-2010-042-php-setcookie-interruption-information-leak-vulnerability/index.html
http://php-security.org/2010/05/26/mops-2010-043-php-strtok-interruption-information-leak-vulnerability/index.html
http://php-security.org/2010/05/26/mops-2010-044-php-wordwrap-interruption-information-leak-vulnerability/index.html
http://php-security.org/2010/05/26/mops-2010-045-php-str_word_count-interruption-information-leak-vulnerability/index.html
http://php-security.org/2010/05/26/mops-2010-046-php-str_pad-interruption-information-leak-vulnerability/index.html