{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46901?format=json","vulnerability_id":"VCID-52gs-wtmz-t7cg","summary":"Multiple vulnerabilities were found in PHP, the worst of which\n    leading to remote execution of arbitrary code.","aliases":[{"alias":"CVE-2010-3709"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76885?format=json","purl":"pkg:ebuild/dev-lang/php@5.3.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.3.8"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/127430?format=json","purl":"pkg:rpm/redhat/php@5.3.2-6.el6_0?arch=1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-52gs-wtmz-t7cg"},{"vulnerability":"VCID-73nf-5amu-xkex"},{"vulnerability":"VCID-n146-xs1x-6ugw"},{"vulnerability":"VCID-xzsz-j91v-skf6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.3.2-6.el6_0%3Farch=1"}],"references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=130331363227777&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=130331363227777&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=133469208622507&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=133469208622507&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3709.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3709.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3709","reference_id":"","reference_type":"","scores":[{"value":"0.09461","scoring_system":"epss","scoring_elements":"0.92841","published_at":"2026-05-05T12:55:00Z"},{"value":"0.09461","scoring_system":"epss","scoring_elements":"0.92787","published_at":"2026-04-01T12:55:00Z"},{"value":"0.09461","scoring_system":"epss","scoring_elements":"0.92794","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09461","scoring_system":"epss","scoring_elements":"0.92798","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09461","scoring_system":"epss","scoring_elements":"0.92796","published_at":"2026-04-07T12:55:00Z"},{"value":"0.09461","scoring_system":"epss","scoring_elements":"0.92806","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09461","scoring_system":"epss","scoring_elements":"0.9281","published_at":"2026-04-09T12:55:00Z"},{"value":"0.09461","scoring_system":"epss","scoring_elements":"0.92814","published_at":"2026-04-13T12:55:00Z"},{"value":"0.09461","scoring_system":"epss","scoring_elements":"0.92824","published_at":"2026-04-16T12:55:00Z"},{"value":"0.09461","scoring_system":"epss","scoring_elements":"0.92825","published_at":"2026-04-18T12:55:00Z"},{"value":"0.09461","scoring_system":"epss","scoring_elements":"0.92829","published_at":"2026-04-21T12:55:00Z"},{"value":"0.09461","scoring_system":"epss","scoring_elements":"0.92835","published_at":"2026-04-24T12:55:00Z"},{"value":"0.09461","scoring_system":"epss","scoring_elements":"0.92837","published_at":"2026-04-26T12:55:00Z"},{"value":"0.09461","scoring_system":"epss","scoring_elements":"0.92832","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3709"},{"reference_url":"http://secunia.com/advisories/42729","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/42729"},{"reference_url":"http://secunia.com/advisories/42812","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/42812"},{"reference_url":"http://securityreason.com/achievement_securityalert/90","reference_id":"","reference_type":"","scores":[],"url":"http://securityreason.com/achievement_securityalert/90"},{"reference_url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619","reference_id":"","reference_type":"","scores":[],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619"},{"reference_url":"http://support.apple.com/kb/HT4581","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT4581"},{"reference_url":"http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log","reference_id":"","reference_type":"","scores":[],"url":"http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c?view=log"},{"reference_url":"http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log","reference_id":"","reference_type":"","scores":[],"url":"http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c?view=log"},{"reference_url":"http://www.exploit-db.com/exploits/15431","reference_id":"","reference_type":"","scores":[],"url":"http://www.exploit-db.com/exploits/15431"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:218","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:218"},{"reference_url":"http://www.php.net/archive/2010.php#id2010-12-10-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.php.net/archive/2010.php#id2010-12-10-1"},{"reference_url":"http://www.php.net/ChangeLog-5.php","reference_id":"","reference_type":"","scores":[],"url":"http://www.php.net/ChangeLog-5.php"},{"reference_url":"http://www.php.net/releases/5_2_15.php","reference_id":"","reference_type":"","scores":[],"url":"http://www.php.net/releases/5_2_15.php"},{"reference_url":"http://www.php.net/releases/5_3_4.php","reference_id":"","reference_type":"","scores":[],"url":"http://www.php.net/releases/5_3_4.php"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0195.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0195.html"},{"reference_url":"http://www.securityfocus.com/bid/44718","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/44718"},{"reference_url":"http://www.securitytracker.com/id?1024690","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1024690"},{"reference_url":"http://www.ubuntu.com/usn/USN-1042-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-1042-1"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3313","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/3313"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0020","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0020"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0021","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0021"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0077","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0077"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=651206","reference_id":"651206","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=651206"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-3709","reference_id":"CVE-2010-3709","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-3709"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/15431.txt","reference_id":"CVE-2010-3709;OSVDB-69109","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/15431.txt"},{"reference_url":"https://security.gentoo.org/glsa/201110-06","reference_id":"GLSA-201110-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0195","reference_id":"RHSA-2011:0195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0195"},{"reference_url":"https://usn.ubuntu.com/1042-1/","reference_id":"USN-1042-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1042-1/"}],"weaknesses":[{"cwe_id":476,"name":"NULL Pointer Dereference","description":"A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit."},{"cwe_id":20,"name":"Improper Input Validation","description":"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."}],"exploits":[{"date_added":"2010-11-05","description":"PHP 5.3.3/5.2.14 - ZipArchive::getArchiveComment Null Pointer Dereference","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":false,"source_date_published":"2010-11-05","exploit_type":"dos","platform":"php","source_date_updated":"2010-11-05","data_source":"Exploit-DB","source_url":""}],"severity_range_score":"4.3 - 4.3","exploitability":"2.0","weighted_severity":"3.9","risk_score":7.8,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-52gs-wtmz-t7cg"}