Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2010-1914

Опубликовано: 08 мая 2010
Источник: redhat
CVSS2: 2.1
EPSS Низкий

Описание

The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function.

Отчет

Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 3phpNot affected
Red Hat Enterprise Linux 4phpNot affected
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 6phpNot affected

Показывать по

Ссылки на источники

Дополнительная информация

https://bugzilla.redhat.com/show_bug.cgi?id=617180php: bitwise operators interruption vulnerabilities (MOPS-2010-014, MOPS-2010-015, MOPS-2010-016)

EPSS

Процентиль: 67%
0.00539
Низкий

2.1 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2010-1914

ubuntu
больше 15 лет назад

The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function.

nvd логотип

CVE-2010-1914

nvd
больше 15 лет назад

The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function.

debian логотип

CVE-2010-1914

debian
больше 15 лет назад

The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...

github логотип

GHSA-wjwg-g3q4-3f25

github
больше 3 лет назад

The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function.

EPSS

Процентиль: 67%
0.00539
Низкий

2.1 Low

CVSS2