CVE-2004-0958
First published: Sat Oct 16 2004(Updated: )
php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP | <=5.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2004-687.html
- http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0053.html
- https://bugzilla.fedora.us/show_bug.cgi?id=2344
- http://secunia.com/advisories/12560/
- http://securitytracker.com/id?1011279
- http://marc.info/?l=bugtraq&m=109527531130492&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17393
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10863
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/php
- canonical/php
- version/php/5.0.2