Multiple security vulnerabilities in PHP
updated since November 2, 2010
Published: November 24, 2010
Source:
SecurityVulns ID: 11225
Type: library
Severity level: 5/10
Description: DoS, protection bypass, cross-site scripting.
Affected products: PHP : PHP 5.2
 PHP : PHP 5.3
CVE: CVE-2010-4150 (Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2010-3870 (The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.)
 CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.)
 CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.)
 CVE-2010-3436 (fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.)
Original text: MANDRIVA, [ MDVSA-2010:239 ] php (24.11.2010)
 MANDRIVA, [ MDVSA-2010:224 ] php (10.11.2010)
 MANDRIVA, [ MDVSA-2010:218 ] php (02.11.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod