Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2010-3065
Description:The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name.
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2010-3065
Debian Security Information: DSA-2089 (Google Search)
http://www.debian.org/security/2010/dsa-2089
http://php-security.org/2010/05/31/mops-2010-060-php-session-serializer-session-data-injection-vulnerability/index.html
RedHat Security Advisories: RHSA-2010:0919
http://www.redhat.com/support/errata/RHSA-2010-0919.html
http://secunia.com/advisories/42410
SuSE Security Announcement: SUSE-SR:2010:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
SuSE Security Announcement: SUSE-SR:2010:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
http://www.vupen.com/english/advisories/2010/3081




© 1998-2021 E-Soft Inc. All rights reserved.