Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2009-AVI-510
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités affectant PHP ont été corrigées. Elles permettent, entre autre, de contourner la politique de sécurité.
Description
Plusieurs vulnérabilités dans PHP permettant, entre autre, le contournement de la politique de sécurité ont été corrigées. Une personne malveillante peut par exemple, à l'aide d'un fichier spécialement réalisé, créer des fichiers dans les répertoires autorisés en écriture.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Les versions de PHP antérieures à la 5.3.1.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eLes versions de PHP ant\u00e9rieures \u00e0 la 5.3.1.\u003c/p\u003e",
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans PHP permettant, entre autre, le\ncontournement de la politique de s\u00e9curit\u00e9 ont \u00e9t\u00e9 corrig\u00e9es. Une\npersonne malveillante peut par exemple, \u00e0 l\u0027aide d\u0027un fichier\nsp\u00e9cialement r\u00e9alis\u00e9, cr\u00e9er des fichiers dans les r\u00e9pertoires autoris\u00e9s\nen \u00e9criture.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-3292",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3292"
},
{
"name": "CVE-2009-3558",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3558"
},
{
"name": "CVE-2009-3557",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3557"
},
{
"name": "CVE-2009-4017",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4017"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1940 du 13 novembre 2009 :",
"url": "http://www.debian.org/security/2009/dsa-1940"
},
{
"title": "Bulletin de mise \u00e0 jour de PHP 3.5.1 :",
"url": "http://www.php.net/releases/5_3_1.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SR:2009:017 du 26 octobre 2009 :",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
}
],
"reference": "CERTA-2009-AVI-510",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-11-23T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences CVE et des bulletins de s\u00e9curit\u00e9 Debian et SuSE.",
"revision_date": "2009-11-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant PHP ont \u00e9t\u00e9 corrig\u00e9es. Elles\npermettent, entre autre, de contourner la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de mise \u00e0 jour de PHP 5.3.1",
"url": null
}
]
}
CVE-2009-3558 (GCVE-0-2009-3558)
Vulnerability from cvelistv5 – Published: 2009-11-23 17:00 – Updated: 2024-08-07 06:31
VLAI?
EPSS
Summary
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/3"
},
{
"name": "6600",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/6600"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/releases/5_2_12.php"
},
{
"name": "[php-announce] 20091119 5.3.1 Release announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://news.php.net/php.announce/79"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.php.net/viewvc?view=revision\u0026revision=288943"
},
{
"name": "MDVSA-2009:285",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:285"
},
{
"name": "37821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37821"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/posix/posix.c?view=log"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "[oss-security] 20091120 CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/releases/5_3_1.php"
},
{
"name": "ADV-2009-3593",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3593"
},
{
"name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/5"
},
{
"name": "37412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/posix/posix.c?view=log"
},
{
"name": "MDVSA-2009:302",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302"
},
{
"name": "MDVSA-2009:303",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:303"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-01T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/3"
},
{
"name": "6600",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/6600"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/releases/5_2_12.php"
},
{
"name": "[php-announce] 20091119 5.3.1 Release announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://news.php.net/php.announce/79"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.php.net/viewvc?view=revision\u0026revision=288943"
},
{
"name": "MDVSA-2009:285",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:285"
},
{
"name": "37821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37821"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/posix/posix.c?view=log"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "[oss-security] 20091120 CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/releases/5_3_1.php"
},
{
"name": "ADV-2009-3593",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3593"
},
{
"name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/5"
},
{
"name": "37412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/posix/posix.c?view=log"
},
{
"name": "MDVSA-2009:302",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302"
},
{
"name": "MDVSA-2009:303",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:303"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3558",
"datePublished": "2009-11-23T17:00:00",
"dateReserved": "2009-10-05T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3557 (GCVE-0-2009-3557)
Vulnerability from cvelistv5 – Published: 2009-11-23 17:00 – Updated: 2024-08-07 06:31
VLAI?
EPSS
Summary
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/releases/5_2_12.php"
},
{
"name": "40262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40262"
},
{
"name": "6601",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/6601"
},
{
"name": "[php-announce] 20091119 5.3.1 Release announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://news.php.net/php.announce/79"
},
{
"name": "HPSBUX02543",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"name": "MDVSA-2009:285",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:285"
},
{
"name": "37821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37821"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/file.c?view=log"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "[oss-security] 20091120 CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/releases/5_3_1.php"
},
{
"name": "ADV-2009-3593",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3593"
},
{
"name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/5"
},
{
"name": "37412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37412"
},
{
"name": "MDVSA-2009:302",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302"
},
{
"name": "oval:org.mitre.oval:def:7396",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7396"
},
{
"name": "SSRT100152",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.php.net/viewvc?view=revision\u0026revision=288945"
},
{
"name": "MDVSA-2009:303",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:303"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/file.c?view=log"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/releases/5_2_12.php"
},
{
"name": "40262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40262"
},
{
"name": "6601",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/6601"
},
{
"name": "[php-announce] 20091119 5.3.1 Release announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://news.php.net/php.announce/79"
},
{
"name": "HPSBUX02543",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"name": "MDVSA-2009:285",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:285"
},
{
"name": "37821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37821"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/file.c?view=log"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "[oss-security] 20091120 CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/releases/5_3_1.php"
},
{
"name": "ADV-2009-3593",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3593"
},
{
"name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/5"
},
{
"name": "37412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37412"
},
{
"name": "MDVSA-2009:302",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302"
},
{
"name": "oval:org.mitre.oval:def:7396",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7396"
},
{
"name": "SSRT100152",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.php.net/viewvc?view=revision\u0026revision=288945"
},
{
"name": "MDVSA-2009:303",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:303"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/file.c?view=log"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3557",
"datePublished": "2009-11-23T17:00:00",
"dateReserved": "2009-10-05T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3292 (GCVE-0-2009-3292)
Vulnerability from cvelistv5 – Published: 2009-09-22 10:00 – Updated: 2024-08-07 06:22
VLAI?
EPSS
Summary
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:22:24.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php#5.2.11"
},
{
"name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/3"
},
{
"name": "37482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37482"
},
{
"name": "40262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40262"
},
{
"name": "[php-announce] 20091119 5.3.1 Release announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://news.php.net/php.announce/79"
},
{
"name": "HPSBUX02543",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"name": "SSRT090208",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/releases/5_2_11.php"
},
{
"name": "1022914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022914"
},
{
"name": "58186",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/58186"
},
{
"name": "oval:org.mitre.oval:def:9982",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9982"
},
{
"name": "36791",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36791"
},
{
"name": "DSA-1940",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1940"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "HPSBOV02683",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"name": "[oss-security] 20091120 CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/releases/5_3_1.php"
},
{
"name": "37412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37412"
},
{
"name": "MDVSA-2009:302",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "SSRT100152",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "SUSE-SR:2009:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "oval:org.mitre.oval:def:7652",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to \"missing sanity checks around exif processing.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php#5.2.11"
},
{
"name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/3"
},
{
"name": "37482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37482"
},
{
"name": "40262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40262"
},
{
"name": "[php-announce] 20091119 5.3.1 Release announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://news.php.net/php.announce/79"
},
{
"name": "HPSBUX02543",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"name": "SSRT090208",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/releases/5_2_11.php"
},
{
"name": "1022914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022914"
},
{
"name": "58186",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/58186"
},
{
"name": "oval:org.mitre.oval:def:9982",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9982"
},
{
"name": "36791",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36791"
},
{
"name": "DSA-1940",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1940"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "HPSBOV02683",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"name": "[oss-security] 20091120 CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/releases/5_3_1.php"
},
{
"name": "37412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37412"
},
{
"name": "MDVSA-2009:302",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "SSRT100152",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "SUSE-SR:2009:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "oval:org.mitre.oval:def:7652",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7652"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to \"missing sanity checks around exif processing.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.php.net/ChangeLog-5.php#5.2.11",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php#5.2.11"
},
{
"name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/3"
},
{
"name": "37482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37482"
},
{
"name": "40262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40262"
},
{
"name": "[php-announce] 20091119 5.3.1 Release announcement",
"refsource": "MLIST",
"url": "http://news.php.net/php.announce/79"
},
{
"name": "HPSBUX02543",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"name": "SSRT090208",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"name": "http://www.php.net/releases/5_2_11.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/5_2_11.php"
},
{
"name": "1022914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022914"
},
{
"name": "58186",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/58186"
},
{
"name": "oval:org.mitre.oval:def:9982",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9982"
},
{
"name": "36791",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36791"
},
{
"name": "DSA-1940",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1940"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "HPSBOV02683",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"name": "[oss-security] 20091120 CVE request: php 5.3.1 update",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/2"
},
{
"name": "http://www.php.net/releases/5_3_1.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/5_3_1.php"
},
{
"name": "37412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37412"
},
{
"name": "MDVSA-2009:302",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "SSRT100152",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "SUSE-SR:2009:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "oval:org.mitre.oval:def:7652",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7652"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3292",
"datePublished": "2009-09-22T10:00:00",
"dateReserved": "2009-09-22T00:00:00",
"dateUpdated": "2024-08-07T06:22:24.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4017 (GCVE-0-2009-4017)
Vulnerability from cvelistv5 – Published: 2009-11-24 00:00 – Updated: 2024-08-07 06:45
VLAI?
EPSS
Summary
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6667",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/releases/5_2_12.php"
},
{
"name": "37482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37482"
},
{
"name": "40262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40262"
},
{
"name": "[php-announce] 20091119 5.3.1 Release announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://news.php.net/php.announce/79"
},
{
"name": "HPSBUX02543",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"name": "MDVSA-2009:305",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:305"
},
{
"name": "37821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37821"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "20091120 PHP \"multipart/form-data\" denial of service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507982/100/0/threaded"
},
{
"name": "41490",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41490"
},
{
"name": "HPSBMA02568",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/"
},
{
"name": "DSA-1940",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1940"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "[oss-security] 20091120 CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/releases/5_3_1.php"
},
{
"name": "ADV-2009-3593",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3593"
},
{
"name": "oval:org.mitre.oval:def:10483",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483"
},
{
"name": "SSRT100219",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"name": "41480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41480"
},
{
"name": "SSRT100152",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"name": "20091120 PHP \"multipart/form-data\" denial of service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2009/Nov/228"
},
{
"name": "MDVSA-2009:303",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:303"
},
{
"name": "php-multipart-formdata-dos(54455)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54455"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6667",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/releases/5_2_12.php"
},
{
"name": "37482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37482"
},
{
"name": "40262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40262"
},
{
"name": "[php-announce] 20091119 5.3.1 Release announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://news.php.net/php.announce/79"
},
{
"name": "HPSBUX02543",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"name": "MDVSA-2009:305",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:305"
},
{
"name": "37821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37821"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "20091120 PHP \"multipart/form-data\" denial of service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507982/100/0/threaded"
},
{
"name": "41490",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41490"
},
{
"name": "HPSBMA02568",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/"
},
{
"name": "DSA-1940",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1940"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "[oss-security] 20091120 CVE request: php 5.3.1 update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/releases/5_3_1.php"
},
{
"name": "ADV-2009-3593",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3593"
},
{
"name": "oval:org.mitre.oval:def:10483",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483"
},
{
"name": "SSRT100219",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"name": "41480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41480"
},
{
"name": "SSRT100152",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2"
},
{
"name": "20091120 PHP \"multipart/form-data\" denial of service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2009/Nov/228"
},
{
"name": "MDVSA-2009:303",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:303"
},
{
"name": "php-multipart-formdata-dos(54455)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54455"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-4017",
"datePublished": "2009-11-24T00:00:00",
"dateReserved": "2009-11-20T00:00:00",
"dateUpdated": "2024-08-07T06:45:50.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…