CVE

CVE-2010-2225
Date: (C)2010-06-24   (M)2024-02-22


Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-40860
BID-40948
APPLE-SA-2010-08-24-1
DSA-2089
SSRT100826
SUSE-SR:2010:017
SUSE-SR:2010:018
http://pastebin.com/mXGidCsd
http://support.apple.com/kb/HT4312
http://twitter.com/i0n1c/statuses/16373156076
http://twitter.com/i0n1c/statuses/16447867829
https://bugzilla.redhat.com/show_bug.cgi?id=605641
php-splobjectstorage-code-execution(59610)

CPE    17
cpe:/a:php:php:5.3.2
cpe:/a:php:php:5.2.3
cpe:/a:php:php:5.2.4
cpe:/a:php:php:5.2.5
...
CWE    1
CWE-399
OVAL    12
oval:org.secpod.oval:def:600063
oval:org.secpod.oval:def:3745
oval:org.secpod.oval:def:100345
oval:org.secpod.oval:def:301184
...

© SecPod Technologies