CVE-2011-1470

Loading...

General

Score:4.3/10.0
Severity:Low
Category:Input Validation Error
Exploit:Available

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2010-2950, CVE-2010-4697, CVE-2011-0708, CVE-2011-1072, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1466, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1471, CVE-2011-1657, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3267, CVE-2011-4153, CVE-2011-4566, CVE-2011-4885, CVE-2012-0057, CVE-2012-0781, CVE-2012-0788, CVE-2012-0789, CVE-2012-0830, CVE-2012-0831, CVE-2012-1172, CVE-2012-1823, CVE-2012-2143, CVE-2012-2336, CVE-2012-2386

Published on 20/03/11 - Updated on 30/10/18

Description

The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2011-1470
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2011-AVI-160, CERTA-2011-AVI-564, CERTA-2012-AVI-218
Debian DSA-2408-1
Oracle Linux ELSA-2011-1423, ELSA-2012-1046

Exploits

Exploit-DBEDB-35484
SecurityFocusBID-46969

Relative technologies

VendorProduct
phpphp

Share this vulnerability with:

Twitter Facebook LinkedIn Mail