5
CVSSv2

CVE-2004-0958

Published: 03/11/2004 Updated: 11/10/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

php_variables.c in PHP prior to 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.

Affected Products

Vendor Product Versions
PhpPhp5.0.2

Vendor Advisories

Synopsis php security update Type/Severity Security Advisory: Important Topic Updated php packages that fix various security issues and bugs are nowavailable for Red Hat Enterprise Linux 3 Description PHP is an HTML-embedded scripting language commonly used with the ApacheHTTP Web serverF ...

Exploits

source: wwwsecurityfocuscom/bid/11334/info A vulnerability is reported to present itself in the array parsing functions of the 'php_variablesc' PHP source file The vulnerability occurs when a PHP script is being used to print URI parameters or data, that are supplied by a third party, into a dynamically generated web page It is repor ...