Description
The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.