Vulnerability Details : CVE-2010-3710
Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.
Vulnerability category: Denial of service
Threat overview for CVE-2010-3710
Top countries where our scanners detected CVE-2010-3710
Top open port discovered on systems with this issue
80
IPs affected by CVE-2010-3710 50,379
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2010-3710!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2010-3710
Probability of exploitation activity in the next 30 days: 7.84%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3710
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2010-3710
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3710
-
http://marc.info/?l=bugtraq&m=133469208622507&w=2
'[security bulletin] HPSBOV02763 SSRT100826 rev.1 - HP Secure Web Server (SWS) for OpenVMS running PH' - MARC
-
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:023
-
http://support.apple.com/kb/HT4581
About the security content of Mac OS X v10.6.7 and Security Update 2011-001 - Apple Support
-
http://www.vupen.com/english/advisories/2011/0021
Webmail | OVH- OVH
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
[SECURITY] Fedora 13 Update: maniadrive-1.2-23.fc13
-
http://www.php.net/archive/2010.php#id2010-12-10-1
PHP: News Archive - 2010
-
http://bugs.php.net/bug.php?id=52929
PHP :: Bug #52929 :: Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of dataExploit
-
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Apple - Lists.apple.com
-
http://www.php.net/releases/5_3_4.php
PHP: PHP 5.3.4 Release Announcement
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:218
mandriva.com
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
[SECURITY] Fedora 14 Update: maniadrive-1.2-23.fc14
-
http://www.redhat.com/support/errata/RHSA-2011-0196.html
Support
-
http://www.ubuntu.com/usn/USN-1042-1
USN-1042-1: PHP vulnerabilities | Ubuntu security notices
-
http://www.php.net/releases/5_2_15.php
PHP: PHP 5.2.15 Release Announcement
-
http://www.php.net/ChangeLog-5.php
PHP: PHP 5 ChangeLog
-
http://www.vupen.com/english/advisories/2011/0020
Webmail | OVH- OVH
-
http://www.vupen.com/english/advisories/2011/0077
Webmail | OVH- OVH
-
http://www.securityfocus.com/bid/43926
PHP 'php_filter_validate_email()' Function Denial of Service Vulnerability
Products affected by CVE-2010-3710
- cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*