ID CVE-2010-2225
Summary Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-08-2017 - 01:32)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
apple APPLE-SA-2010-08-24-1
bid 40948
confirm http://support.apple.com/kb/HT4312
debian DSA-2089
hp
  • HPSBOV02763
  • SSRT100826
misc
secunia 40860
suse
  • SUSE-SR:2010:017
  • SUSE-SR:2010:018
xf php-splobjectstorage-code-execution(59610)
Last major update 17-08-2017 - 01:32
Published 24-06-2010 - 12:30
Last modified 17-08-2017 - 01:32
Back to Top