Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2010-2531

Disclosure Date: August 20, 2010
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Additional Info

Technical Analysis