Vulnerability Details: CVE-2010-4156
The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2010-4156
Probability of exploitation activity in the next 30 days: 1.23%
Percentile (the proportion of vulnerabilities with an EPSS score at or below this one): ~84%
CVSS scores for CVE-2010-4156
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST
CWE ids for CVE-2010-4156
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4156
- http://marc.info/?l=bugtraq&m=130331363227777&w=2
  '[security bulletin] HPSBMA02662 SSRT100409 rev.1 - HP System Management Homepage (SMH) for Linux and' (MARC)
- http://www.vupen.com/english/advisories/2011/0021
  VUPEN advisory 2011/0021 (original page title not recoverable)
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
  [SECURITY] Fedora 13 Update: maniadrive-1.2-23.fc13
- http://www.securityfocus.com/bid/44727
  PHP 'mb_strcut()' Function Information Disclosure Vulnerability (tagged: Exploit)
- http://pastie.org/1279682
  Patch (link currently returns 404 Not Found)
- http://pastie.org/1279428
  Patch (pastie.org currently unavailable, HTTP 521)
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:225
  Mandriva advisory MDVSA-2010:225
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
  [SECURITY] Fedora 14 Update: maniadrive-1.2-23.fc14
- http://www.redhat.com/support/errata/RHSA-2011-0196.html
  Red Hat errata RHSA-2011-0196
- http://www.ubuntu.com/usn/USN-1042-1
  USN-1042-1: PHP vulnerabilities (Ubuntu security notices)
- http://www.php.net/ChangeLog-5.php
  PHP: PHP 5 ChangeLog
- http://www.vupen.com/english/advisories/2011/0020
  VUPEN advisory 2011/0020 (original page title not recoverable)
- http://www.vupen.com/english/advisories/2011/0077
  VUPEN advisory 2011/0077 (original page title not recoverable)
- http://www.openwall.com/lists/oss-security/2010/11/08/13
  oss-security - Re: CVE Request: PHP 5.3.3, libmbfl, mb_strcut (tagged: Exploit; Patch)
- http://www.openwall.com/lists/oss-security/2010/11/07/2
  oss-security - CVE Request: PHP 5.3.3, libmbfl, mb_strcut (tagged: Exploit; Patch)
Products affected by CVE-2010-4156
- cpe:2.3:a:scottmac:libmbfl:1.1.0:*:*:*:*:*:*:*