Lucene search
HistoryOct 03, 2022 - 4:24 p.m.
CVE-2009-4417
cve-2009-4417
zend_framework
vulnerability
shutdown function
zend_log_writer_mail
nvd
email
arbitrary
mailing vectors
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.8%
The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to “events not yet mailed.”
Affected configurations
Node
zendframeworkRange≤1.9.6
ORzendframeworkMatch0.1.3preview
ORzendframeworkMatch0.1.4preview
ORzendframeworkMatch0.1.5preview
ORzendframeworkMatch0.2.0preview
ORzendframeworkMatch0.6.0preview
ORzendframeworkMatch0.7.0preview
ORzendframeworkMatch0.8.0preview
ORzendframeworkMatch0.9.0beta
ORzendframeworkMatch0.9.1beta
ORzendframeworkMatch0.9.2beta
ORzendframeworkMatch0.9.3beta
ORzendframeworkMatch1.0.0
ORzendframeworkMatch1.0.0rc1
ORzendframeworkMatch1.0.0rc2
ORzendframeworkMatch1.0.0rc3
ORzendframeworkMatch1.0.1
ORzendframeworkMatch1.0.2
ORzendframeworkMatch1.0.3
ORzendframeworkMatch1.0.4
ORzendframeworkMatch1.5.0
ORzendframeworkMatch1.5.0preview
ORzendframeworkMatch1.5.0rc1
ORzendframeworkMatch1.5.0rc2
ORzendframeworkMatch1.5.0rc3
ORzendframeworkMatch1.5.1
ORzendframeworkMatch1.5.2
ORzendframeworkMatch1.5.3
ORzendframeworkMatch1.6.0
ORzendframeworkMatch1.6.0rc1
ORzendframeworkMatch1.6.0rc2
ORzendframeworkMatch1.6.0rc3
ORzendframeworkMatch1.6.1
ORzendframeworkMatch1.6.2
ORzendframeworkMatch1.7.0
ORzendframeworkMatch1.7.0preview
ORzendframeworkMatch1.7.1
ORzendframeworkMatch1.7.2
ORzendframeworkMatch1.7.3
ORzendframeworkMatch1.7.4
ORzendframeworkMatch1.7.5
ORzendframeworkMatch1.7.6
ORzendframeworkMatch1.7.7
ORzendframeworkMatch1.7.8
ORzendframeworkMatch1.8.0
ORzendframeworkMatch1.8.0alpha_1
ORzendframeworkMatch1.8.0beta_1
ORzendframeworkMatch1.8.1
ORzendframeworkMatch1.8.2
ORzendframeworkMatch1.8.3
ORzendframeworkMatch1.8.4
ORzendframeworkMatch1.9
ORzendframeworkMatch1.9.0
ORzendframeworkMatch1.9.0alpha_1
ORzendframeworkMatch1.9.0beta_1
ORzendframeworkMatch1.9.0rc1
ORzendframeworkMatch1.9.1
ORzendframeworkMatch1.9.2
ORzendframeworkMatch1.9.3
ORzendframeworkMatch1.9.4
ORzendframeworkMatch1.9.5
Related
prion
prion
Design/Logic Flaw
2009-12-24 17:30:00
nvd
nvd
CVE-2009-4417
2009-12-24 17:30:00
cvelist
cvelist
CVE-2009-4417
2022-10-03 16:24:05
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.8%
Related for CVE-2009-4417