Test ID:	1.3.6.1.4.1.25623.1.0.801359
Category:	Web application abuses
Title:	PHP Multiple Information Disclosure Vulnerabilities
Summary:	PHP is prone to multiple information disclosure vulnerabilities.
Description:	Summary: PHP is prone to multiple information disclosure vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Error in 'trim()', 'ltrim()', 'rtrim()' and 'substr_replace()' functions, which causes a userspace interruption of an internal function within the call time pass by reference feature. - Error in 'parse_str()', 'preg_match()', 'unpack()' and 'pack()' functions, 'ZEND_FETCH_RW()', 'ZEND_CONCAT()', and 'ZEND_ASSIGN_CONCAT()' opcodes, and the 'ArrayObject::uasort' method, trigger memory corruption by causing a userspace interruption of an internal function or handler. Vulnerability Impact: Successful exploitation could allow local attackers to bypass certain security restrictions and to obtain sensitive information. Affected Software/OS: PHP version 5.2 through 5.2.13 and 5.3 through 5.3.2 Solution: Update to PHP version 5.2.14/5.3.3 or later CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2190 HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: SSRT100826 http://www.php-security.org/2010/05/30/mops-2010-047-php-trimltrimrtrim-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/30/mops-2010-048-php-substr_replace-interruption-information-leak-vulnerability/index.html SuSE Security Announcement: SUSE-SR:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html SuSE Security Announcement: SUSE-SR:2010:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html XForce ISS Database: php-substrreplace-info-disclosure(59220) https://exchange.xforce.ibmcloud.com/vulnerabilities/59220 Common Vulnerability Exposure (CVE) ID: CVE-2010-2191 http://www.php-security.org/2010/05/31/mops-2010-049-php-parse_str-interruption-memory-corruption-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-050-php-preg_match-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-051-php-unpack-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-052-php-pack-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-053-php-zend_fetch_rw-opcode-interruption-information-leak-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-054-php-zend_concatzend_assign_concat-opcode-interruption-information-leak-and-memory-corruption-vulnerability/index.html http://www.php-security.org/2010/05/31/mops-2010-055-php-arrayobjectuasort-interruption-memory-corruption-vulnerability/index.html XForce ISS Database: php-parsestr-info-disclosure(59221) https://exchange.xforce.ibmcloud.com/vulnerabilities/59221
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.