PHP 'xml_utf8_decode()' UTF-8 Input Validation Vulnerability Network Vulnerability

Summary

PHP is prone to a vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow attackers to provide unexpected input and possibly bypass input-validation protection mechanisms. This can aid in further attacks that may utilize crafted user-supplied input. Versions prior to PHP 5.3.4 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://bugs.php.net/bug.php?id=48230
http://bugs.php.net/bug.php?id=49687
http://comments.gmane.org/gmane.comp.security.oss.general/3684
http://svn.php.net/viewvc?view=revision&revision=304959
http://www.php.net/
https://www.securityfocus.com/bid/44605

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-3870

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple Safari Secure Cookie Security Bypass Vulnerability (Mac OS X)
Adobe Reader Old Plugin Signature Bypass Vulnerability (Windows)
Apache Tomcat XML External Entity Information Disclosure Vulnerability
Apache Tomcat AJP Request Remote Denial Of Service Vulnerability
Apple Safari WebKit Information Disclosure Vulnerability (Windows)

Take action and discover your vulnerabilities