Published: 03/11/2004 Updated: 11/10/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

php_variables.c in PHP prior to 5.0.2 allows remote malicious users to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.

Vendor Advisories

Synopsis php security update Type/Severity Security Advisory: Important Topic Updated php packages that fix various security issues and bugs are nowavailable for Red Hat Enterprise Linux 3 Description PHP is an HTML-embedded scripting language commonly used with the ApacheHTTP Web serverF ...


source: wwwsecurityfocuscom/bid/11334/info A vulnerability is reported to present itself in the array parsing functions of the 'php_variablesc' PHP source file The vulnerability occurs when a PHP script is being used to print URI parameters or data, that are supplied by a third party, into a dynamically generated web page It is repor ...