CVE-2004-0958 Information

Description

php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET (2) POST or (3) COOKIE GPC variables that end in an open bracket character which causes PHP to calculate an incorrect string length.

Reference

http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0053.html http://marc.info/?l=bugtraq&m=109527531130492&w=2 http://secunia.com/advisories/12560/ http://securitytracker.com/id?1011279 http://www.redhat.com/support/errata/RHSA-2004-687.html https://bugzilla.fedora.us/show_bug.cgi?id=2344 https://exchange.xforce.ibmcloud.com/vulnerabilities/17393 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10863