Vulnerability Details: CVE-2010-2950
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.
Vulnerability category: Overflow, Execute code
Threat overview for CVE-2010-2950
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2010-2950: 25,322
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2010-2950
Probability of exploitation activity in the next 30 days: 1.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~82%
CVSS scores for CVE-2010-2950
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2010-2950
- The product uses a function that accepts a format string as an argument, but the format string originates from an external source. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2950
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:254
  mandriva.com
- http://marc.info/?l=bugtraq&m=130331363227777&w=2
  '[security bulletin] HPSBMA02662 SSRT100409 rev.1 - HP System Management Homepage (SMH) for Linux and' - MARC
- http://support.apple.com/kb/HT4581
  About the security content of Mac OS X v10.6.7 and Security Update 2011-001 - Apple Support
- http://php-security.org/2010/05/14/mops-2010-024-php-phar_stream_flush-format-string-vulnerability/index.html
  MOPS-2010-024: PHP phar_stream_flush Format String Vulnerability « the Month of PHP Security
- http://security-tracker.debian.org/tracker/CVE-2010-2950
  CVE-2010-2950
- http://www.php.net/archive/2010.php#id2010-12-10-1
  PHP: News Archive - 2010
- https://bugzilla.redhat.com/show_bug.cgi?id=598537
  598537 – (CVE-2010-2094, MOPS-2010-025, MOPS-2010-026, MOPS-2010-027, MOPS-2010-028) CVE-2010-2094 php: Multiple format string flaws in the phar extension (MOPS-2010-025 MOPS-2010-026 MOPS-2010-027 MO
- http://svn.php.net/viewvc?view=revision&revision=302565
  PHP: Revision 302565
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:017 (Exploit)
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
  Apple - Lists.apple.com
- http://www.php.net/releases/5_3_4.php
  PHP: PHP 5.3.4 Release Announcement
- http://www.php.net/ChangeLog-5.php
  PHP: PHP 5 ChangeLog
Products affected by CVE-2010-2950
- cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*