CVE-2010-2101
- Public Date:
- 2010-05-26
- Bugzilla:
- 618825: CVE-2010-2101 php: multiple interruption vulnerabilities (MOPS-2010-04[123456])
The MITRE CVE dictionary describes this issue as:
The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.
Find out more about CVE-2010-2101 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
Red Hat does not consider interruption issues allowing safe_mode / open_basedir
restriction bypass to be security sensitive. For more details see
https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and
http://www.php.net/security-note.php
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 2.1 |
|---|---|
| Base Metrics | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| Access Vector | Local |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
CVE description copyright © 2017, The MITRE Corporation