CVE-2010-3065

Published: Aug 20, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://php-security.org/2010/05/31/mops-2010-060-php-session-serializer-session-data-injection-vulnerability/index.html

x_refsource_MISC

DSA-2089

vendor-advisory

x_refsource_DEBIAN

RHSA-2010:0919

vendor-advisory

x_refsource_REDHAT

42410

third-party-advisory

x_refsource_SECUNIA

SUSE-SR:2010:017

vendor-advisory

x_refsource_SUSE

SUSE-SR:2010:018

vendor-advisory

x_refsource_SUSE

ADV-2010-3081

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2010-3065

Description

Affected Products

References