CVE-2004-0958

N/A Unknown

Published: November 03, 2004 Modified: April 16, 2026

Description

php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0053.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=109527531130492&w=2

Source: cve@mitre.org

http://secunia.com/advisories/12560/

Source: cve@mitre.org

http://securitytracker.com/id?1011279

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2004-687.html

Source: cve@mitre.org

Patch Vendor Advisory

https://bugzilla.fedora.us/show_bug.cgi?id=2344

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/17393

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10863

Source: cve@mitre.org

http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0053.html