Back to search
CVE-2010-2531
Published: Aug 20, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://support.apple.com/kb/HT4435
x_refsource_CONFIRM
HPSBOV02763
vendor-advisory
x_refsource_HP
HPSBMA02662
vendor-advisory
x_refsource_HP
[oss-security] 20100716 Re: Re: CVE request, php var_export
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=617673
x_refsource_CONFIRM
DSA-2266
vendor-advisory
x_refsource_DEBIAN
APPLE-SA-2010-11-10-1
vendor-advisory
x_refsource_APPLE
RHSA-2010:0919
vendor-advisory
x_refsource_REDHAT
APPLE-SA-2010-08-24-1
vendor-advisory
x_refsource_APPLE
[oss-security] 20100713 CVE request, php var_export
mailing-list
x_refsource_MLIST
http://www.php.net/archive/2010.php#id2010-07-22-2
x_refsource_CONFIRM
SSRT100826
vendor-advisory
x_refsource_HP
http://support.apple.com/kb/HT4312
x_refsource_CONFIRM
42410
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2010:017
vendor-advisory
x_refsource_SUSE
SSRT100409
vendor-advisory
x_refsource_HP
http://www.php.net/archive/2010.php#id2010-07-22-1
x_refsource_CONFIRM
SUSE-SR:2010:018
vendor-advisory
x_refsource_SUSE
ADV-2010-3081
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now