Description

php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.

Remediation

References

CVE-2004-0958

Related Vulnerabilities

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.31)

Play Framework Data Amplification Vulnerability (CVE-2020-28923)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Open Redirect (2.1.6)

Nginx Use After Free Vulnerability (CVE-2012-1180)

WordPress Plugin WP Learn Manager Security Bypass (1.1.4)

Severity

Medium

Classification

CVE-2004-0958

Tags

Missing Update Known Vulnerabilities