CVE-2010-2100

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.

Las funciones (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, y (6) strtr en PHP v5.2 hasta v5.2.13 y v5.3 hasta v5.3.2 permite a atacantes dependientes del contexto obtener información sensible (contenidos de memoria) provocando una interrupción del espacio de usuario de una función interna, relativo a la característica paso de tiempo de llamada por referencia.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-05-27 CVE Reserved
2010-05-27 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2024-11-24 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (8)

URL	Tag	Source

URL	Date	SRC
http://php-security.org/2010/05/21/mops-2010-036-php-htmlentities-and-htmlspecialchars-interruption-information-leak-vulnerability/index.html	2024-08-07
http://php-security.org/2010/05/21/mops-2010-037-php-str_getcsv-interruption-information-leak-vulnerability/index.html	2024-08-07
http://php-security.org/2010/05/21/mops-2010-038-php-http_build_query-interruption-information-leak-vulnerability/index.html	2024-08-07
http://php-security.org/2010/05/21/mops-2010-039-php-strpbrk-interruption-information-leak-vulnerability/index.html	2024-08-07
http://php-security.org/2010/05/21/mops-2010-040-php-strtr-interruption-information-leak-vulnerability/index.html	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html	2016-08-23
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html	2016-08-23
http://marc.info/?l=bugtraq&m=133469208622507&w=2	2016-08-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.2.0 Search vendor "Php" for product "Php" and version "5.2.0"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.2.1 Search vendor "Php" for product "Php" and version "5.2.1"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.2.2 Search vendor "Php" for product "Php" and version "5.2.2"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.2.3 Search vendor "Php" for product "Php" and version "5.2.3"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.2.4 Search vendor "Php" for product "Php" and version "5.2.4"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.2.5 Search vendor "Php" for product "Php" and version "5.2.5"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.2.6 Search vendor "Php" for product "Php" and version "5.2.6"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.2.7 Search vendor "Php" for product "Php" and version "5.2.7"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.2.8 Search vendor "Php" for product "Php" and version "5.2.8"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.2.9 Search vendor "Php" for product "Php" and version "5.2.9"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.2.10 Search vendor "Php" for product "Php" and version "5.2.10"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.2.11 Search vendor "Php" for product "Php" and version "5.2.11"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.2.12 Search vendor "Php" for product "Php" and version "5.2.12"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.2.13 Search vendor "Php" for product "Php" and version "5.2.13"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.3.0 Search vendor "Php" for product "Php" and version "5.3.0"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.3.1 Search vendor "Php" for product "Php" and version "5.3.1"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.3.2 Search vendor "Php" for product "Php" and version "5.3.2"		-		Affected