CVE-2010-3294
Published 2010-09-24
Priority: P4 · 17 · medium · CVSS 2.0: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.92% (77.3th percentile)
Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
28 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pecl-php | alternative_php_cache | <= 3.1.3 | — |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 4.3 · MEDIUM
GHSA
GHSA-96h7-76fj-h8f9: Cross-site scripting (XSS) vulnerability in apc
ghsa_unreviewed·2022-05-17
CVE-2010-3294 [MEDIUM] CWE-79 GHSA-96h7-76fj-h8f9: Cross-site scripting (XSS) vulnerability in apc
Red Hat
php-pecl-apc: potential XSS in apc.php
vendor_redhat·2010-08-05·CVSS 4.3
CVE-2010-3294 [MEDIUM] CWE-79 php-pecl-apc: potential XSS in apc.php
No detection rules found.
Bugzilla
CVE-2010-3294 php-pecl-apc: potential XSS in apc.php
bugzilla·2010-09-15·CVSS 4.3
A potential Cross Site Scripting (XSS) vulnerability was found in the PECL APC package in versions prior to 3.1.4 [1]. A patch [2] to correct this flaw is available.
This flaw affects Fedora 12 (currently 3.1.3p1), EPEL5 (currently 3.0.19) and the version of php-pecl-apc to appear in Red Hat Enterprise Linux 6 (currently 3.1.3p1).
This flaw has been assigned the name CVE-2010-3294.
[1] http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4
[2] http://svn.php.net/viewvc/pecl/apc/trunk/apc.php?r1=301548&r2=301867&view=patch
Discussion:
Created php-pecl-apc tracking bugs for this issue
Affects: fedora-12 [bug 634336]
---
Statement:
(none)
---
This issue has been addressed in following products:
Red Hat Enterprise L
Bugzilla
CVE-2010-3294 php-pecl-apc: potential XSS in apc.php [fedora-12]
bugzilla·2010-09-15·CVSS 4.3
fedora-12 tracking bug for php-pecl-apc: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
Please use this tracker for EPEL5 as well, which is also affected by this flaw. Thanks.
---
This bug doesn't seem critical as it only affects apc.php (the APC control panel), which is not installed but only provided in the package documentation.
I will push 3.1.4 update to F-12 and add the patch to EL-5 (and keep the stable version).
---
php-pecl-apc-3.1.4-2.fc12 has been submitted as an update for Fedora 12.
https://admin.fedoraproject.org/updates/php-pecl-
http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4
http://rhn.redhat.com/errata/RHSA-2012-0811.html
http://www.openwall.com/lists/oss-security/2010/09/14/1
http://www.openwall.com/lists/oss-security/2010/09/14/6
http://www.openwall.com/lists/oss-security/2010/09/14/8
http://www.vupen.com/english/advisories/2010/2406
2010-09-24
Published