Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.6
CVSSv2

CVE-2014-4721

Published: 06/07/2014 Updated: 19/01/2023
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Subscribe to Php

Vulnerability Summary

The phpinfo implementation in ext/standard/info.c in PHP prior to 5.4.30 and 5.5.x prior to 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent malicious users to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

php php

debian debian linux 8.0

debian debian linux 7.0

Vendor Advisories

Ubuntu Security Notice: php5 vulnerabilities
Several security issues were fixed in PHP ...
Debian Security Advisories: DSA-2974-1 php5 -- security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0207 Francisco Alonso of the Red Hat Security Response Team reported an incorrect boundary check in the cdf_read_short_se ...
Red Hat: CVE-2014-4721
A type confusion issue was found in PHP's phpinfo() function A malicious script author could possibly use this flaw to disclose certain portions of server memory ...

References

CWE-200http://twitter.com/mikispag/statuses/485713462258302976https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.htmlhttps://bugs.php.net/bug.php?id=67498http://www.php.net/ChangeLog-5.phphttp://secunia.com/advisories/59794http://secunia.com/advisories/59831http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1766.htmlhttp://www.debian.org/security/2014/dsa-2974http://rhn.redhat.com/errata/RHSA-2014-1765.htmlhttp://lists.opensuse.org/opensuse-updates/2014-09/msg00046.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21683486http://secunia.com/advisories/54553https://usn.ubuntu.com/2276-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-4721
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook