Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCertccCVE-2009-2626
HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-2626

2022-10-0316:24:08
certcc
web.nvd.nist.gov
61
cve-2009-2626
zend_restore_ini_entry_cb
php 5.3.0
security vulnerability
memory contents disclosure
php crash
nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

AI Score

5.7

Confidence

Low

EPSS

0.062

Percentile

93.6%

JSON

The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.

Affected configurations

Nvd
Node
phpphpRange≤5.2.10
OR
phpphpMatch1.0
OR
phpphpMatch2.0
OR
phpphpMatch2.0b10
OR
phpphpMatch3.0
OR
phpphpMatch3.0.1
OR
phpphpMatch3.0.2
OR
phpphpMatch3.0.3
OR
phpphpMatch3.0.4
OR
phpphpMatch3.0.5
OR
phpphpMatch3.0.6
OR
phpphpMatch3.0.7
OR
phpphpMatch3.0.8
OR
phpphpMatch3.0.9
OR
phpphpMatch3.0.10
OR
phpphpMatch3.0.11
OR
phpphpMatch3.0.12
OR
phpphpMatch3.0.13
OR
phpphpMatch3.0.14
OR
phpphpMatch3.0.15
OR
phpphpMatch3.0.16
OR
phpphpMatch3.0.17
OR
phpphpMatch3.0.18
OR
phpphpMatch4
OR
phpphpMatch4.0
OR
phpphpMatch4.0beta_4_patch1
OR
phpphpMatch4.0beta1
OR
phpphpMatch4.0beta2
OR
phpphpMatch4.0beta3
OR
phpphpMatch4.0beta4
OR
phpphpMatch4.0rc1
OR
phpphpMatch4.0rc2
OR
phpphpMatch4.0.0
OR
phpphpMatch4.0.1
OR
phpphpMatch4.0.1patch1
OR
phpphpMatch4.0.1patch2
OR
phpphpMatch4.0.2
OR
phpphpMatch4.0.3
OR
phpphpMatch4.0.3patch1
OR
phpphpMatch4.0.4
OR
phpphpMatch4.0.4patch1
OR
phpphpMatch4.0.5
OR
phpphpMatch4.0.6
OR
phpphpMatch4.0.7
OR
phpphpMatch4.0.7rc1
OR
phpphpMatch4.0.7rc2
OR
phpphpMatch4.0.7rc3
OR
phpphpMatch4.0.7rc4
OR
phpphpMatch4.1.0
OR
phpphpMatch4.1.1
OR
phpphpMatch4.1.2
OR
phpphpMatch4.2dev
OR
phpphpMatch4.2.0
OR
phpphpMatch4.2.1
OR
phpphpMatch4.2.2
OR
phpphpMatch4.2.3
OR
phpphpMatch4.3.0
OR
phpphpMatch4.3.1
OR
phpphpMatch4.3.2
OR
phpphpMatch4.3.3
OR
phpphpMatch4.3.4
OR
phpphpMatch4.3.5
OR
phpphpMatch4.3.6
OR
phpphpMatch4.3.7
OR
phpphpMatch4.3.8
OR
phpphpMatch4.3.9
OR
phpphpMatch4.3.10
OR
phpphpMatch4.3.11
OR
phpphpMatch4.4.0
OR
phpphpMatch4.4.1
OR
phpphpMatch4.4.2
OR
phpphpMatch4.4.3
OR
phpphpMatch4.4.4
OR
phpphpMatch4.4.5
OR
phpphpMatch4.4.6
OR
phpphpMatch4.4.7
OR
phpphpMatch4.4.8
OR
phpphpMatch4.4.9
OR
phpphpMatch5
OR
phpphpMatch5.0rc1
OR
phpphpMatch5.0rc2
OR
phpphpMatch5.0rc3
OR
phpphpMatch5.0.0
OR
phpphpMatch5.0.0beta1
OR
phpphpMatch5.0.0beta2
OR
phpphpMatch5.0.0beta3
OR
phpphpMatch5.0.0beta4
OR
phpphpMatch5.0.0rc1
OR
phpphpMatch5.0.0rc2
OR
phpphpMatch5.0.0rc3
OR
phpphpMatch5.0.1
OR
phpphpMatch5.0.2
OR
phpphpMatch5.0.3
OR
phpphpMatch5.0.4
OR
phpphpMatch5.0.5
OR
phpphpMatch5.1.0
OR
phpphpMatch5.1.1
OR
phpphpMatch5.1.2
OR
phpphpMatch5.1.3
OR
phpphpMatch5.1.4
OR
phpphpMatch5.1.5
OR
phpphpMatch5.1.6
OR
phpphpMatch5.2.0
OR
phpphpMatch5.2.2
OR
phpphpMatch5.2.4
OR
phpphpMatch5.2.6
OR
phpphpMatch5.2.7
OR
phpphpMatch5.2.8
OR
phpphpMatch5.2.9
OR
phpphpMatch5.3.0
VendorProductVersionCPE
phpphp4.4.9cpe:/a:php:php:4.4.9:::
phpphp3.0.17cpe:/a:php:php:3.0.17:::
phpphp4.0cpe:/a:php:php:4.0:beta1::
phpphp4.3.7cpe:/a:php:php:4.3.7:::
phpphp5.0.1cpe:/a:php:php:5.0.1:::
phpphp4.0.4cpe:/a:php:php:4.0.4:patch1::
phpphp4.0.1cpe:/a:php:php:4.0.1:patch1::
phpphp4.4.3cpe:/a:php:php:4.4.3:::
phpphp3.0.12cpe:/a:php:php:3.0.12:::
phpphp5.1.6cpe:/a:php:php:5.1.6:::
Rows per page:
1-10 of 1101

Related

prion 1
ubuntucve 1
seebug 1
packetstorm 1
cvelist 1
f5 2
redhatcve 1
nvd 1
openvas 8
nessus 10
ubuntu 1
osv 1
debian 2
gentoo 1
prion
prion
Information disclosure
2009-12-01 16:30:00
ubuntucve
ubuntucve
CVE-2009-2626
2009-12-01 00:00:00
seebug
seebug
PHP ini_restore()内存信息泄露漏洞
2009-11-30 00:00:00
packetstorm
packetstorm
PHP ini_restore Memory Disclosure
2009-12-04 00:00:00
cvelist
cvelist
CVE-2009-2626
2022-10-03 16:24:08
f5
f5
K13231 : PHP vulnerability CVE-2009-2626
2013-09-09 00:00:00
SOL13231 - PHP vulnerability CVE-2009-2626
2011-11-21 00:00:00
redhatcve
redhatcve
CVE-2009-2626
2015-10-30 10:18:04
nvd
nvd
CVE-2009-2626
2009-12-01 16:30:01
openvas
openvas
PHP Multiple Vulnerabilities (Dec 2009)
2009-12-04 00:00:00
Mandriva Update for php MDVSA-2010:008 (php)
2010-01-19 00:00:00
Mandriva Update for php MDVSA-2010:008 (php)
2010-01-19 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : php (MDVSA-2010:008)
2010-01-18 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : php5 vulnerabilities (USN-882-1)
2010-01-14 00:00:00
Debian DSA-1940-1 : php5 - multiple issues
2010-02-24 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2010-01-13 00:00:00
osv
osv
php5 - multiple issues
2009-11-25 00:00:00
debian
debian
[SECURITY] [DSA-1940-1] New php5 packages fix several issues
2009-11-25 21:48:09
[SECURITY] [DSA-1940-1] New php5 packages fix several issues
2009-11-25 21:48:09
gentoo
gentoo
PHP: Multiple vulnerabilities
2010-01-05 00:00:00

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

AI Score

5.7

Confidence

Low

EPSS

0.062

Percentile

93.6%

JSON
Related for CVE-2009-2626
prion1ubuntucve1seebug1packetstorm1cvelist1f52redhatcve1nvd1openvas8nessus10ubuntu1osv1debian2gentoo1