mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
191 lines
6.6 KiB
JSON
191 lines
6.6 KiB
JSON
{
|
|
"id": "CVE-2010-2097",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2010-05-27T22:30:01.780",
|
|
"lastModified": "2016-08-23T02:01:25.620",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Las funciones (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode en PHP v5.2 a la v5.2.13 y v5.3 a la v5.3.2, permiten a atacantes dependientes del contexto obtener informaci\u00f3n sensible (contenido de la memoria) provocando una interrupci\u00f3n del espacio de usuario de una funci\u00f3n interna. Relacionado con la llamada por referencia de la funcionalidad \"time pass\"."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-200"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CCB6CDDD-70D3-4004-BCE0-8C4723076103"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A782CA26-9C38-40A8-92AE-D47B14D2FCE3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1C0E7E2A-4770-4B68-B74C-5F5A6E1876DC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0892C89E-9389-4452-B7E0-981A763CD426"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "635F3CB1-B042-43CC-91AB-746098018D8C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E1F32DDF-17A3-45B5-9227-833EBEBD3923"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2CDFB7E9-8510-430F-BFBC-FD811D60DC78"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "79D5336A-14AA-483E-9CBE-A7B53120B925"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3AADA875-E0EA-483A-A07E-2914FE969972"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9EF4B938-BB14-4C06-BEE9-10CA755C5DEF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "981C922C-7A7D-473E-8C43-03AB62FB5B8B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5D0CD11A-09C2-4C60-8F0C-68E55BD6EE63"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/index.html",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/index.html",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://php-security.org/2010/05/18/mops-2010-034-php-iconv_mime_encode-interruption-information-leak-vulnerability/index.html",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |