{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-09-18T00:00:00", "descriptions": [{"lang": "en", "value": "php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20040915 [VulnWatch] PHP Vulnerability N. 1", "tags": ["mailing-list", "x_refsource_VULNWATCH"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0053.html"}, {"name": "20040915 PHP Vulnerability N. 1", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=109527531130492&w=2"}, {"name": "12560", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/12560/"}, {"name": "1011279", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1011279"}, {"name": "FLSA:2344", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2344"}, {"name": "php-phpinfo-disclose-memory(17393)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17393"}, {"name": "oval:org.mitre.oval:def:10863", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10863"}, {"name": "RHSA-2004:687", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2004-687.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0958", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20040915 [VulnWatch] PHP Vulnerability N. 1", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0053.html"}, {"name": "20040915 PHP Vulnerability N. 1", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=109527531130492&w=2"}, {"name": "12560", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12560/"}, {"name": "1011279", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1011279"}, {"name": "FLSA:2344", "refsource": "FEDORA", "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2344"}, {"name": "php-phpinfo-disclose-memory(17393)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17393"}, {"name": "oval:org.mitre.oval:def:10863", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10863"}, {"name": "RHSA-2004:687", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-687.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:31:48.274Z"}, "title": "CVE Program Container", "references": [{"name": "20040915 [VulnWatch] PHP Vulnerability N. 1", "tags": ["mailing-list", "x_refsource_VULNWATCH", "x_transferred"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0053.html"}, {"name": "20040915 PHP Vulnerability N. 1", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=109527531130492&w=2"}, {"name": "12560", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/12560/"}, {"name": "1011279", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1011279"}, {"name": "FLSA:2344", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2344"}, {"name": "php-phpinfo-disclose-memory(17393)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17393"}, {"name": "oval:org.mitre.oval:def:10863", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10863"}, {"name": "RHSA-2004:687", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2004-687.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0958", "datePublished": "2004-10-16T04:00:00", "dateReserved": "2004-10-13T00:00:00", "dateUpdated": "2024-08-08T00:31:48.274Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAE1CCE0-7682-40EA-A858-DD09A3E32AF7", "versionEndIncluding": "5.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length."}, {"lang": "es", "value": "PHP anteriores a 5.0.2 permiten a atacantes remotos leer contenidos de memoria sensibles mediante variables (1) GET, (2) POST, o (3) COOKIE GPC que acaban en un car\u00e1cter de apertura de corchete."}], "id": "CVE-2004-0958", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-11-03T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0053.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=109527531130492&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/12560/"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1011279"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2004-687.html"}, {"source": "cve@mitre.org", "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2344"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17393"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10863"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0053.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=109527531130492&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/12560/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1011279"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2004-687.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2344"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17393"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10863"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2004:687", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "php-0:4.3.2-19.ent", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2004-12-21T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1617331", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617331"}, "csaw": false, "details": ["php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length."], "name": "CVE-2004-0958", "public_date": "2004-09-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2004-0958\nhttps://nvd.nist.gov/vuln/detail/CVE-2004-0958"]}

{}