Lucene search
HistoryDec 01, 2009 - 4:30 p.m.
CVE-2009-2626
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
AI Score
5.8
Confidence
Low
EPSS
0.062
Percentile
93.6%
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.
Affected configurations
Node
phpphpRangeâ¤5.2.10
ORphpphpMatch1.0
ORphpphpMatch2.0
ORphpphpMatch2.0b10
ORphpphpMatch3.0
ORphpphpMatch3.0.1
ORphpphpMatch3.0.2
ORphpphpMatch3.0.3
ORphpphpMatch3.0.4
ORphpphpMatch3.0.5
ORphpphpMatch3.0.6
ORphpphpMatch3.0.7
ORphpphpMatch3.0.8
ORphpphpMatch3.0.9
ORphpphpMatch3.0.10
ORphpphpMatch3.0.11
ORphpphpMatch3.0.12
ORphpphpMatch3.0.13
ORphpphpMatch3.0.14
ORphpphpMatch3.0.15
ORphpphpMatch3.0.16
ORphpphpMatch3.0.17
ORphpphpMatch3.0.18
ORphpphpMatch4
ORphpphpMatch4.0
ORphpphpMatch4.0beta_4_patch1
ORphpphpMatch4.0beta1
ORphpphpMatch4.0beta2
ORphpphpMatch4.0beta3
ORphpphpMatch4.0beta4
ORphpphpMatch4.0rc1
ORphpphpMatch4.0rc2
ORphpphpMatch4.0.0
ORphpphpMatch4.0.1
ORphpphpMatch4.0.1patch1
ORphpphpMatch4.0.1patch2
ORphpphpMatch4.0.2
ORphpphpMatch4.0.3
ORphpphpMatch4.0.3patch1
ORphpphpMatch4.0.4
ORphpphpMatch4.0.4patch1
ORphpphpMatch4.0.5
ORphpphpMatch4.0.6
ORphpphpMatch4.0.7
ORphpphpMatch4.0.7rc1
ORphpphpMatch4.0.7rc2
ORphpphpMatch4.0.7rc3
ORphpphpMatch4.0.7rc4
ORphpphpMatch4.1.0
ORphpphpMatch4.1.1
ORphpphpMatch4.1.2
ORphpphpMatch4.2dev
ORphpphpMatch4.2.0
ORphpphpMatch4.2.1
ORphpphpMatch4.2.2
ORphpphpMatch4.2.3
ORphpphpMatch4.3.0
ORphpphpMatch4.3.1
ORphpphpMatch4.3.2
ORphpphpMatch4.3.3
ORphpphpMatch4.3.4
ORphpphpMatch4.3.5
ORphpphpMatch4.3.6
ORphpphpMatch4.3.7
ORphpphpMatch4.3.8
ORphpphpMatch4.3.9
ORphpphpMatch4.3.10
ORphpphpMatch4.3.11
ORphpphpMatch4.4.0
ORphpphpMatch4.4.1
ORphpphpMatch4.4.2
ORphpphpMatch4.4.3
ORphpphpMatch4.4.4
ORphpphpMatch4.4.5
ORphpphpMatch4.4.6
ORphpphpMatch4.4.7
ORphpphpMatch4.4.8
ORphpphpMatch4.4.9
ORphpphpMatch5
ORphpphpMatch5.0rc1
ORphpphpMatch5.0rc2
ORphpphpMatch5.0rc3
ORphpphpMatch5.0.0
ORphpphpMatch5.0.0beta1
ORphpphpMatch5.0.0beta2
ORphpphpMatch5.0.0beta3
ORphpphpMatch5.0.0beta4
ORphpphpMatch5.0.0rc1
ORphpphpMatch5.0.0rc2
ORphpphpMatch5.0.0rc3
ORphpphpMatch5.0.1
ORphpphpMatch5.0.2
ORphpphpMatch5.0.3
ORphpphpMatch5.0.4
ORphpphpMatch5.0.5
ORphpphpMatch5.1.0
ORphpphpMatch5.1.1
ORphpphpMatch5.1.2
ORphpphpMatch5.1.3
ORphpphpMatch5.1.4
ORphpphpMatch5.1.5
ORphpphpMatch5.1.6
ORphpphpMatch5.2.0
ORphpphpMatch5.2.2
ORphpphpMatch5.2.4
ORphpphpMatch5.2.6
ORphpphpMatch5.2.7
ORphpphpMatch5.2.8
ORphpphpMatch5.2.9
ORphpphpMatch5.3.0
Related
prion
prion
Information disclosure
2009-12-01 16:30:00
packetstorm
packetstorm
PHP ini_restore Memory Disclosure
2009-12-04 00:00:00
cvelist
cvelist
CVE-2009-2626
2022-10-03 16:24:08
f5
f5
K13231 : PHP vulnerability CVE-2009-2626
2013-09-09 00:00:00
SOL13231 - PHP vulnerability CVE-2009-2626
2011-11-21 00:00:00
redhatcve
redhatcve
CVE-2009-2626
2015-10-30 10:18:04
ubuntucve
ubuntucve
CVE-2009-2626
2009-12-01 00:00:00
seebug
seebug
PHP ini_restore()ĺ
ĺ俥ćŻćłé˛ćźć´
2009-11-30 00:00:00
cve
cve
CVE-2009-2626
2022-10-03 16:24:08
openvas
openvas
PHP Multiple Vulnerabilities (Dec 2009)
2009-12-04 00:00:00
Mandriva Update for php MDVSA-2010:008 (php)
2010-01-19 00:00:00
Mandriva Update for php MDVSA-2010:008 (php)
2010-01-19 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : php (MDVSA-2010:008)
2010-01-18 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : php5 vulnerabilities (USN-882-1)
2010-01-14 00:00:00
Debian DSA-1940-1 : php5 - multiple issues
2010-02-24 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2010-01-13 00:00:00
debian
debian
[SECURITY] [DSA-1940-1] New php5 packages fix several issues
2009-11-25 21:48:09
[SECURITY] [DSA-1940-1] New php5 packages fix several issues
2009-11-25 21:48:09
osv
osv
php5 - multiple issues
2009-11-25 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2010-01-05 00:00:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
AI Score
5.8
Confidence
Low
EPSS
0.062
Percentile
93.6%
Related for NVD:CVE-2009-2626