Home > Vulnerability Database > CVE-2004-0958

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2004-0958

Date: October 15, 2004

php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.

Severity Score

5.3

Related Resources (11)

Url: http://securitytracker.com/id?1011279

Url: https://nvd.nist.gov/vuln/detail/CVE-2004-0958

Url: http://marc.info/?l=bugtraq&m=109527531130492&w=2

Url: https://bugzilla.fedora.us/show_bug.cgi?id=2344

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/17393

Url: http://www.redhat.com/support/errata/RHSA-2004-687.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10863

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2004-0958

Url: http://secunia.com/advisories/12560/

Url: http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0053.html

Url: https://www.mend.io/vulnerability-database/CVE-2004-0958

Severity Score

5.3

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us