oss-sec mailing list archives
Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability
From: cve-assign () mitre org
Date: Sun, 6 Jul 2014 18:31:20 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
https://bugs.php.net/bug.php?id=67498
if you are running as mod_php and there is mod_ssl this could be used to steal the private SSL key from memory (if you can inject PHP code).
This threat model is sufficient for CVE inclusion. Use CVE-2014-4721. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTuc3jAAoJEKllVAevmvms5xkIAK1kzurgCWyrzFfdTXenGgdo Y0Cnket8pq6Mecv6EWchAoiLNFwcEAZ0im++3hx89J/nBftA+h5cSGRydcdJ+c8a MeImamz1IPMheTYJbpsfRL8baXKaKw27bS1aIYMbFda4Nbh0NOKForvTVxmYT6NK F23JHwBz1nLZTBL2SHdj68wOE4MUnVIZBzsi/aP6Cx9aHlG5/4eNd4Z1oip3EVW0 mvREssBSOeg9Yuqi+rFx48MtcUaoF1mh65BuJxLKZB33gxFvvVzXIhrDDwRnDtFo 2Jpu0xYMADy3m143nlf4/uAzwZLhohpHZ2zfY1BaqjvYvOQaVD61TS9ID3oATI8= =S1Qs -----END PGP SIGNATURE-----
Current thread:
- Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Salvatore Bonaccorso (Jul 03)
- Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Kurt Seifried (Jul 04)
- Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability cve-assign (Jul 06)
- <Possible follow-ups>
- Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Loganaden Velvindron (Jul 06)