oss-sec mailing list archives

Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability

From: cve-assign () mitre org
Date: Sun, 6 Jul 2014 18:31:20 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

https://bugs.php.net/bug.php?id=67498

if you are running as mod_php and there is mod_ssl this could be used
to steal the private SSL key from memory (if you can inject PHP code).


This threat model is sufficient for CVE inclusion. Use CVE-2014-4721.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTuc3jAAoJEKllVAevmvms5xkIAK1kzurgCWyrzFfdTXenGgdo
Y0Cnket8pq6Mecv6EWchAoiLNFwcEAZ0im++3hx89J/nBftA+h5cSGRydcdJ+c8a
MeImamz1IPMheTYJbpsfRL8baXKaKw27bS1aIYMbFda4Nbh0NOKForvTVxmYT6NK
F23JHwBz1nLZTBL2SHdj68wOE4MUnVIZBzsi/aP6Cx9aHlG5/4eNd4Z1oip3EVW0
mvREssBSOeg9Yuqi+rFx48MtcUaoF1mh65BuJxLKZB33gxFvvVzXIhrDDwRnDtFo
2Jpu0xYMADy3m143nlf4/uAzwZLhohpHZ2zfY1BaqjvYvOQaVD61TS9ID3oATI8=
=S1Qs
-----END PGP SIGNATURE-----

Current thread:

Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Salvatore Bonaccorso (Jul 03)
- Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Kurt Seifried (Jul 04)
- Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability cve-assign (Jul 06)
- <Possible follow-ups>
- Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Loganaden Velvindron (Jul 06)