Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2009-4143 (GCVE-0-2009-4143)
Vulnerability from cvelistv5 – Published: 2009-12-21 16:00 – Updated: 2024-08-07 06:54
VLAI?
EPSS
Summary
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/releases/5_2_12.php"
},
{
"name": "40262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40262"
},
{
"name": "37390",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37390"
},
{
"name": "HPSBUX02543",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"name": "37821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37821"
},
{
"name": "38648",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38648"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "41490",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41490"
},
{
"name": "HPSBMA02568",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "MDVSA-2010:045",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:045"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "ADV-2009-3593",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3593"
},
{
"name": "DSA-2001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2001"
},
{
"name": "SSRT100219",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"name": "41480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41480"
},
{
"name": "oval:org.mitre.oval:def:7439",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439"
},
{
"name": "SSRT100152",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/releases/5_2_12.php"
},
{
"name": "40262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40262"
},
{
"name": "37390",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37390"
},
{
"name": "HPSBUX02543",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"name": "37821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37821"
},
{
"name": "38648",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38648"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "41490",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41490"
},
{
"name": "HPSBMA02568",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "MDVSA-2010:045",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:045"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "ADV-2009-3593",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3593"
},
{
"name": "DSA-2001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2001"
},
{
"name": "SSRT100219",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"name": "41480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41480"
},
{
"name": "oval:org.mitre.oval:def:7439",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439"
},
{
"name": "SSRT100152",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-4143",
"datePublished": "2009-12-21T16:00:00.000Z",
"dateReserved": "2009-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:54:09.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTA-2010-AVI-143
Vulnerability from certfr_avis - Published: 2010-03-30 - Updated: 2010-03-30
De multiples vulnérabilités ont été corrigées dans Mac OS X.
Description
Plusieurs vulnérabilités ont été corrigées dans Mac OS X. Elles permettent entre autres l'exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mac OS X 10.5 ;",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mac OS X 10.6 ;",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mac OS X Server 10.5 ;",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Mac OS X Server 10.6.",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Elles\npermettent entre autres l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-0511",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0511"
},
{
"name": "CVE-2010-0509",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0509"
},
{
"name": "CVE-2010-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0501"
},
{
"name": "CVE-2010-0065",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0065"
},
{
"name": "CVE-2010-0498",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0498"
},
{
"name": "CVE-2010-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0060"
},
{
"name": "CVE-2008-7247",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-7247"
},
{
"name": "CVE-2003-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0063"
},
{
"name": "CVE-2010-0043",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
},
{
"name": "CVE-2010-0522",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0522"
},
{
"name": "CVE-2010-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0063"
},
{
"name": "CVE-2009-3559",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3559"
},
{
"name": "CVE-2009-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
},
{
"name": "CVE-2009-4142",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4142"
},
{
"name": "CVE-2009-3009",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3009"
},
{
"name": "CVE-2010-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0059"
},
{
"name": "CVE-2010-0524",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0524"
},
{
"name": "CVE-2010-0057",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0057"
},
{
"name": "CVE-2009-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
},
{
"name": "CVE-2010-0521",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0521"
},
{
"name": "CVE-2008-0564",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0564"
},
{
"name": "CVE-2010-0518",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0518"
},
{
"name": "CVE-2010-0513",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0513"
},
{
"name": "CVE-2009-2417",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2417"
},
{
"name": "CVE-2008-0888",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0888"
},
{
"name": "CVE-2009-3558",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3558"
},
{
"name": "CVE-2009-3095",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
},
{
"name": "CVE-2009-2902",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
},
{
"name": "CVE-2010-0517",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0517"
},
{
"name": "CVE-2010-0535",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0535"
},
{
"name": "CVE-2010-0393",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0393"
},
{
"name": "CVE-2009-3557",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3557"
},
{
"name": "CVE-2009-0580",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
},
{
"name": "CVE-2010-0042",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
},
{
"name": "CVE-2010-0534",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0534"
},
{
"name": "CVE-2010-0497",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0497"
},
{
"name": "CVE-2008-4456",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4456"
},
{
"name": "CVE-2009-4143",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4143"
},
{
"name": "CVE-2010-0058",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0058"
},
{
"name": "CVE-2010-0041",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
},
{
"name": "CVE-2010-0508",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0508"
},
{
"name": "CVE-2010-0506",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0506"
},
{
"name": "CVE-2010-0533",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0533"
},
{
"name": "CVE-2010-0507",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0507"
},
{
"name": "CVE-2010-0504",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0504"
},
{
"name": "CVE-2009-0316",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0316"
},
{
"name": "CVE-2010-0526",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0526"
},
{
"name": "CVE-2010-0510",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0510"
},
{
"name": "CVE-2009-1904",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1904"
},
{
"name": "CVE-2010-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0500"
},
{
"name": "CVE-2008-5302",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5302"
},
{
"name": "CVE-2009-2042",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2042"
},
{
"name": "CVE-2010-0064",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0064"
},
{
"name": "CVE-2009-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
},
{
"name": "CVE-2009-2446",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2446"
},
{
"name": "CVE-2009-2801",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2801"
},
{
"name": "CVE-2010-0525",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0525"
},
{
"name": "CVE-2010-0516",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0516"
},
{
"name": "CVE-2010-0502",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0502"
},
{
"name": "CVE-2010-0062",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0062"
},
{
"name": "CVE-2008-2712",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
},
{
"name": "CVE-2009-2906",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2906"
},
{
"name": "CVE-2010-0505",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0505"
},
{
"name": "CVE-2008-5303",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5303"
},
{
"name": "CVE-2009-0781",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
},
{
"name": "CVE-2009-4214",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4214"
},
{
"name": "CVE-2009-0783",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
},
{
"name": "CVE-2009-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0689"
},
{
"name": "CVE-2008-5515",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
},
{
"name": "CVE-2006-1329",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-1329"
},
{
"name": "CVE-2010-0514",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0514"
},
{
"name": "CVE-2009-0037",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0037"
},
{
"name": "CVE-2010-0515",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0515"
},
{
"name": "CVE-2009-2422",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2422"
},
{
"name": "CVE-2010-0056",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0056"
},
{
"name": "CVE-2010-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0512"
},
{
"name": "CVE-2009-2632",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2632"
},
{
"name": "CVE-2009-0688",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0688"
},
{
"name": "CVE-2008-4101",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
},
{
"name": "CVE-2010-0537",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0537"
},
{
"name": "CVE-2010-0519",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0519"
},
{
"name": "CVE-2010-0523",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0523"
},
{
"name": "CVE-2010-0520",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0520"
},
{
"name": "CVE-2010-0503",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0503"
},
{
"name": "CVE-2010-0055",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0055"
}
],
"initial_release_date": "2010-03-30T00:00:00",
"last_revision_date": "2010-03-30T00:00:00",
"links": [],
"reference": "CERTA-2010-AVI-143",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-03-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT4077 du 29 mars 2010",
"url": "http://support.apple.com/kb/HT4077"
}
]
}
CERTA-2009-AVI-553
Vulnerability from certfr_avis - Published: 2009-12-18 - Updated: 2009-12-18
De multiples vulnérabilités ont été découvertes dans PHP. L'exploitation de ces vulnérabilités permet de réaliser des actions diverses dont le déni de service à distance ou la contournement de certains mécanismes de sécurité.
Description
Cinq vulnérabilités ont été découvertes dans PHP :
- la première est due à une erreur dans la fonction tempnam(), permettant de contourner le mécanisme de safe_mode ;
- la deuxième est due à une erreur dans la fonction posix_mkfifo(), permettant de contourner la fonctionalité open_basedir ;
- la troisième est due à une erreur dans la gestion du chargement de certaines données et peut être utilisée afin de provoquer un déni de service ;
- la quatrième est due à une mauvaise gestion des sessions (l'impact n'est pas connu) ;
- la dernière est due à une erreur au niveau de la fonction htmlspecialchars() et permet à un utilisateur mal intentionné de réaliser une injection de code indirecte.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
PHP versions 5.2.11 et antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003ePHP versions 5.2.11 et ant\u00e9rieures.\u003c/p\u003e",
"content": "## Description\n\nCinq vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PHP :\n\n- la premi\u00e8re est due \u00e0 une erreur dans la fonction tempnam(),\n permettant de contourner le m\u00e9canisme de safe_mode ;\n- la deuxi\u00e8me est due \u00e0 une erreur dans la fonction posix_mkfifo(),\n permettant de contourner la fonctionalit\u00e9 open_basedir ;\n- la troisi\u00e8me est due \u00e0 une erreur dans la gestion du chargement de\n certaines donn\u00e9es et peut \u00eatre utilis\u00e9e afin de provoquer un d\u00e9ni de\n service ;\n- la quatri\u00e8me est due \u00e0 une mauvaise gestion des sessions (l\u0027impact\n n\u0027est pas connu) ;\n- la derni\u00e8re est due \u00e0 une erreur au niveau de la fonction\n htmlspecialchars() et permet \u00e0 un utilisateur mal intentionn\u00e9 de\n r\u00e9aliser une injection de code indirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-4142",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4142"
},
{
"name": "CVE-2009-3558",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3558"
},
{
"name": "CVE-2009-3557",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3557"
},
{
"name": "CVE-2009-4143",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4143"
},
{
"name": "CVE-2009-4017",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4017"
}
],
"initial_release_date": "2009-12-18T00:00:00",
"last_revision_date": "2009-12-18T00:00:00",
"links": [],
"reference": "CERTA-2009-AVI-553",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-12-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PHP. L\u0027exploitation\nde ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser des actions diverses dont le\nd\u00e9ni de service \u00e0 distance ou la contournement de certains m\u00e9canismes de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s de PHP",
"vendor_advisories": [
{
"published_at": null,
"title": "Notes de mise \u00e0 jour PHP 5.2.12",
"url": "http://www.php.net/releases/5_2_12.php"
}
]
}
GHSA-H4MQ-28X6-5X4J
Vulnerability from github – Published: 2022-05-02 03:51 – Updated: 2022-05-02 03:51
VLAI?
Details
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
{
"affected": [],
"aliases": [
"CVE-2009-4143"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-12-21T16:30:00Z",
"severity": "HIGH"
},
"details": "PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.",
"id": "GHSA-h4mq-28x6-5x4j",
"modified": "2022-05-02T03:51:55Z",
"published": "2022-05-02T03:51:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4143"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37821"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38648"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40262"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/41480"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/41490"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4077"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2010/dsa-2001"
},
{
"type": "WEB",
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:045"
},
{
"type": "WEB",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"type": "WEB",
"url": "http://www.php.net/releases/5_2_12.php"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/37390"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/3593"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2009-4143
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2009-4143",
"description": "PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.",
"id": "GSD-2009-4143",
"references": [
"https://www.suse.com/security/cve/CVE-2009-4143.html",
"https://www.debian.org/security/2010/dsa-2001"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2009-4143"
],
"details": "PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.",
"id": "GSD-2009-4143",
"modified": "2023-12-13T01:19:45.469819Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html",
"refsource": "MISC",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "MISC",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "MISC",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "http://secunia.com/advisories/41480",
"refsource": "MISC",
"url": "http://secunia.com/advisories/41480"
},
{
"name": "http://secunia.com/advisories/41490",
"refsource": "MISC",
"url": "http://secunia.com/advisories/41490"
},
{
"name": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995",
"refsource": "MISC",
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"name": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2",
"refsource": "MISC",
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"name": "http://secunia.com/advisories/37821",
"refsource": "MISC",
"url": "http://secunia.com/advisories/37821"
},
{
"name": "http://secunia.com/advisories/40262",
"refsource": "MISC",
"url": "http://secunia.com/advisories/40262"
},
{
"name": "http://www.php.net/releases/5_2_12.php",
"refsource": "MISC",
"url": "http://www.php.net/releases/5_2_12.php"
},
{
"name": "http://www.vupen.com/english/advisories/2009/3593",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2009/3593"
},
{
"name": "http://secunia.com/advisories/38648",
"refsource": "MISC",
"url": "http://secunia.com/advisories/38648"
},
{
"name": "http://www.debian.org/security/2010/dsa-2001",
"refsource": "MISC",
"url": "http://www.debian.org/security/2010/dsa-2001"
},
{
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:045",
"refsource": "MISC",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:045"
},
{
"name": "http://www.securityfocus.com/bid/37390",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/37390"
},
{
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439",
"refsource": "MISC",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.7:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.2.11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4143"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "ADV-2009-3593",
"refsource": "VUPEN",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3593"
},
{
"name": "37821",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37821"
},
{
"name": "http://www.php.net/releases/5_2_12.php",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://www.php.net/releases/5_2_12.php"
},
{
"name": "37390",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/37390"
},
{
"name": "DSA-2001",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2010/dsa-2001"
},
{
"name": "38648",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38648"
},
{
"name": "MDVSA-2010:045",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:045"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "SSRT100152",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"name": "40262",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40262"
},
{
"name": "41490",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41490"
},
{
"name": "41480",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41480"
},
{
"name": "SSRT100219",
"refsource": "HP",
"tags": [],
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"name": "oval:org.mitre.oval:def:7439",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-30T16:26Z",
"publishedDate": "2009-12-21T16:30Z"
}
}
}
FKIE_CVE-2009-4143
Vulnerability from fkie_nvd - Published: 2009-12-21 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | ||
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=127680701405735&w=2 | ||
| secalert@redhat.com | http://secunia.com/advisories/37821 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/38648 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/40262 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/41480 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/41490 | Vendor Advisory | |
| secalert@redhat.com | http://support.apple.com/kb/HT4077 | ||
| secalert@redhat.com | http://www.debian.org/security/2010/dsa-2001 | ||
| secalert@redhat.com | http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:045 | ||
| secalert@redhat.com | http://www.php.net/ChangeLog-5.php | ||
| secalert@redhat.com | http://www.php.net/releases/5_2_12.php | Vendor Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/37390 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/3593 | Vendor Advisory | |
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=127680701405735&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37821 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38648 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40262 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41480 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/41490 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4077 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2010/dsa-2001 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:045 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.php.net/ChangeLog-5.php | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.php.net/releases/5_2_12.php | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37390 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3593 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| php | php | * | |
| php | php | 1.0 | |
| php | php | 2.0 | |
| php | php | 2.0b10 | |
| php | php | 3.0 | |
| php | php | 3.0.1 | |
| php | php | 3.0.2 | |
| php | php | 3.0.3 | |
| php | php | 3.0.4 | |
| php | php | 3.0.5 | |
| php | php | 3.0.6 | |
| php | php | 3.0.7 | |
| php | php | 3.0.8 | |
| php | php | 3.0.9 | |
| php | php | 3.0.10 | |
| php | php | 3.0.11 | |
| php | php | 3.0.12 | |
| php | php | 3.0.13 | |
| php | php | 3.0.14 | |
| php | php | 3.0.15 | |
| php | php | 3.0.16 | |
| php | php | 3.0.17 | |
| php | php | 3.0.18 | |
| php | php | 4 | |
| php | php | 4.0 | |
| php | php | 4.0 | |
| php | php | 4.0 | |
| php | php | 4.0 | |
| php | php | 4.0 | |
| php | php | 4.0 | |
| php | php | 4.0 | |
| php | php | 4.0 | |
| php | php | 4.0.0 | |
| php | php | 4.0.1 | |
| php | php | 4.0.2 | |
| php | php | 4.0.3 | |
| php | php | 4.0.4 | |
| php | php | 4.0.5 | |
| php | php | 4.0.6 | |
| php | php | 4.0.7 | |
| php | php | 4.0.7 | |
| php | php | 4.0.7 | |
| php | php | 4.0.7 | |
| php | php | 4.0.7 | |
| php | php | 4.1.0 | |
| php | php | 4.1.1 | |
| php | php | 4.1.2 | |
| php | php | 4.2.0 | |
| php | php | 4.2.1 | |
| php | php | 4.2.2 | |
| php | php | 4.2.3 | |
| php | php | 4.3.0 | |
| php | php | 4.3.1 | |
| php | php | 4.3.2 | |
| php | php | 4.3.3 | |
| php | php | 4.3.4 | |
| php | php | 4.3.5 | |
| php | php | 4.3.6 | |
| php | php | 4.3.7 | |
| php | php | 4.3.8 | |
| php | php | 4.3.9 | |
| php | php | 4.3.10 | |
| php | php | 4.3.11 | |
| php | php | 4.4.0 | |
| php | php | 4.4.1 | |
| php | php | 4.4.2 | |
| php | php | 4.4.3 | |
| php | php | 4.4.4 | |
| php | php | 4.4.5 | |
| php | php | 4.4.6 | |
| php | php | 4.4.7 | |
| php | php | 4.4.8 | |
| php | php | 4.4.9 | |
| php | php | 5 | |
| php | php | 5.0 | |
| php | php | 5.0 | |
| php | php | 5.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.0 | |
| php | php | 5.0.1 | |
| php | php | 5.0.2 | |
| php | php | 5.0.3 | |
| php | php | 5.0.4 | |
| php | php | 5.0.5 | |
| php | php | 5.1.0 | |
| php | php | 5.1.1 | |
| php | php | 5.1.2 | |
| php | php | 5.1.3 | |
| php | php | 5.1.4 | |
| php | php | 5.1.5 | |
| php | php | 5.1.6 | |
| php | php | 5.2.0 | |
| php | php | 5.2.1 | |
| php | php | 5.2.2 | |
| php | php | 5.2.3 | |
| php | php | 5.2.4 | |
| php | php | 5.2.5 | |
| php | php | 5.2.6 | |
| php | php | 5.2.7 | |
| php | php | 5.2.8 | |
| php | php | 5.2.9 | |
| php | php | 5.2.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD613CC3-281B-43D1-A352-53D339B040FA",
"versionEndIncluding": "5.2.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92647629-083F-4042-8365-4AD2EBC9C1BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF72E8D5-9F8C-4BD4-9AA4-28E23CB48A47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*",
"matchCriteriaId": "83BE1120-6370-4470-8586-6581EDF3FD69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "245C601D-0FE7-47E3-8304-6FF45E9567D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "691BB8BB-329A-4640-B758-7590C99B5E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E2BC4CCE-2774-463E-82EA-36CD442D3A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C478024C-2FCD-463F-A75E-E04660AA9DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC9C32F4-5102-4E9B-9F32-B24B65A5ED2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5BD99C0-E875-496E-BE5E-A8DCBD414B5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1851ADE5-C70C-46E0-941A-6ADF7DB5C126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69DA3BA2-AF53-4C9D-93FA-0317841595B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0CFEE5-2274-4BBC-A24A-3A0D13F607FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "67B59D6A-7EDA-4C34-81D6-C2557C85D164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBA40B6-8FDF-41AA-8166-F491FF7F3118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E74E2B72-A428-4BB3-B6F8-0AF5E487A807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1E2F1D82-8E6A-4FBF-9055-A0F395DC17FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "945FF149-3446-4905-BCA1-C397E3497B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "8E446DBD-FEFA-4D22-9C9D-51F61C01E414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3C8DE728-78E1-4F9F-BC56-CD9B10E61287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "80E31CC6-9356-4BB7-9F49-320AAF341E1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB8AD3A-9181-459A-9AF2-B3FC6BAF6FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3E7199-8FB7-4930-9C0A-A36A698940B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4:*:*:*:*:*:*:*",
"matchCriteriaId": "467BBA06-7E32-474D-BBBB-72B389D0DB72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBEC461-D553-41B7-8D85-20B6A933C21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*",
"matchCriteriaId": "AEEF2298-98E8-409F-9205-84817CEF947B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6AFC00BA-D64D-4407-AC69-FDD9FF013943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "D80F2A8B-B57F-4970-867A-55E8187C1502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "EF4E0EFE-4FF6-4E8F-8EC5-68B059FC0C42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "49965B80-DC27-4864-BDF0-CBBFF16BFD80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8212495A-0F2A-4787-93F2-F6618F9A777B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C6F0F8FC-C57A-4AEA-A59F-41140347318A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF57C14-86B6-419A-BAFF-93D01CB1E081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78BAA18C-E5A0-4210-B64B-709BBFF31EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "13A159B4-B847-47DE-B7F8-89384E6C551B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "57B59616-A309-40B4-94B1-50A7BC00E35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F39A1B1-416E-4436-8007-733B66904A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5FC218-3DDB-4981-81C9-6C69F8DA6F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2E5F96-66D2-4F99-A74D-6A2305EE218E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2D724D09-0D45-4701-93C9-348301217C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC6A6F47-5C7C-4F82-B23B-9C959C69B27F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AE1A4DA6-6181-43A8-B0D8-5A016C3E75FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6E36203C-1392-49BB-AE7E-49626963D673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.0.7:rc4:*:*:*:*:*:*",
"matchCriteriaId": "FE287FF5-53C6-43E6-9FEB-28CD6185EB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6713614A-B14E-4A85-BF89-ED780068FC68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD95F8EB-B428-4B3C-9254-A5DECE03A989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "069EB7EE-06B9-454F-9007-8DE5DCA33C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18BF5BE6-09EA-45AD-93BF-2BEF1742534E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1460DF-1687-4314-BF1A-01290B20302D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "470380B0-3982-48FC-871B-C8B43C81900D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAA7712-10F0-4BB6-BAFB-D0806AFD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63190D9B-7958-4B93-87C6-E7D5A572F6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AB2E2E8-81D6-4973-AC0F-AA644EE99DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAF4586-74FF-47C6-864B-656FDF3F33D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B14EF0C7-61F2-47A4-B7F8-43FF03C62DCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5245F990-B4A7-4ED8-909D-B8137CE79FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5652D5B0-68E4-4239-B9B7-599AFCF4C53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57B71BB7-5239-4860-9100-8CABC3992D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD447A-4EED-482C-8F61-48FAD4FCF8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F9DF9D-15E5-4387-ABE3-A7583331A928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "11579E5C-D7CF-46EE-B015-5F4185C174E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C69CDE21-2FD4-4529-8F02-8709CF5E3D7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "221B9AC4-C63C-4386-B3BD-E4BC102C6124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78B7BA75-2A32-4A8E-ADF8-BCB4FC48CB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BEA491B-77FD-4760-8F6F-3EBC6BD810D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB25CFBB-347C-479E-8853-F49DD6CBD7D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2937B3-D034-400E-84F5-33833CE3764D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71AEE8B4-FCF8-483B-8D4C-2E80A02E925E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4C2AF1D9-33B6-4B2C-9269-426B6B720164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "84B70263-37AA-4539-A286-12038A3792C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2E46E4B4-808C-4B47-81D9-EC2B02A5E57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF30D7F-353B-4496-9A89-4EF2BB279E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DD97DF34-35AB-4979-96E2-B23DC8556A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7EED44-A15E-451F-BF5B-DB0BECA73C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F9D7662-A5B6-41D0-B6A1-E5ABC5ABA47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E3797AB5-9E49-4251-A212-B6E5D9996764",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "D61D9CE9-F7A3-4F52-9D4E-B2473804ECB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7007E77F-60EF-44D8-9676-15B59DF1325F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E727CECE-E452-489A-A42F-5A069D6AF80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "149A1FB8-593E-412B-8E1C-3E560301D500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8FC144FA-8F84-44C0-B263-B639FEAD20FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "295907B4-C3DE-4021-BE3B-A8826D4379E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B881352D-954E-4FC0-9E42-93D02A3F3089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CDFEF9-C367-4800-8A2F-375C261FAE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB6CDDD-70D3-4004-BCE0-8C4723076103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A782CA26-9C38-40A8-92AE-D47B14D2FCE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C0E7E2A-4770-4B68-B74C-5F5A6E1876DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0892C89E-9389-4452-B7E0-981A763CD426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "635F3CB1-B042-43CC-91AB-746098018D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F32DDF-17A3-45B5-9227-833EBEBD3923",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive."
},
{
"lang": "es",
"value": "PHP versiones anteriores a v5.2.12 no maneja adecuadamente los datos de sesi\u00f3n, teniendo un impacto no especificado y vectores de ataque relacionado con (1) la interrupci\u00f3n de corrupci\u00f3n de la selecci\u00f3n SESSION superglobal y (2) la directiva session.save_path."
}
],
"id": "CVE-2009-4143",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-21T16:30:00.360",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37821"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38648"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40262"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41480"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41490"
},
{
"source": "secalert@redhat.com",
"url": "http://support.apple.com/kb/HT4077"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2001"
},
{
"source": "secalert@redhat.com",
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:045"
},
{
"source": "secalert@redhat.com",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.php.net/releases/5_2_12.php"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/37390"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3593"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT4077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.php.net/releases/5_2_12.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php",
"lastModified": "2009-12-23T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…