Lucene search

[email protected]NVD:CVE-2009-4143

HistoryDec 21, 2009 - 4:30 p.m.

CVE-2009-4143

2009-12-2116:30:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.015

Percentile

86.8%

JSON

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.

Affected configurations

Nvd

Node

phpphpRange≤5.2.11

phpphpMatch1.0

phpphpMatch2.0

phpphpMatch2.0b10

phpphpMatch3.0

phpphpMatch3.0.1

phpphpMatch3.0.2

phpphpMatch3.0.3

phpphpMatch3.0.4

phpphpMatch3.0.5

phpphpMatch3.0.6

phpphpMatch3.0.7

phpphpMatch3.0.8

phpphpMatch3.0.9

phpphpMatch3.0.10

phpphpMatch3.0.11

phpphpMatch3.0.12

phpphpMatch3.0.13

phpphpMatch3.0.14

phpphpMatch3.0.15

phpphpMatch3.0.16

phpphpMatch3.0.17

phpphpMatch3.0.18

phpphpMatch4

phpphpMatch4.0

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0rc1

phpphpMatch4.0rc2

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.0.7rc1

phpphpMatch4.0.7rc2

phpphpMatch4.0.7rc3

phpphpMatch4.0.7rc4

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch4.4.2

phpphpMatch4.4.3

phpphpMatch4.4.4

phpphpMatch4.4.5

phpphpMatch4.4.6

phpphpMatch4.4.7

phpphpMatch4.4.8

phpphpMatch4.4.9

phpphpMatch5

phpphpMatch5.0rc1

phpphpMatch5.0rc2

phpphpMatch5.0rc3

phpphpMatch5.0.0

phpphpMatch5.0.0beta1

phpphpMatch5.0.0beta2

phpphpMatch5.0.0beta3

phpphpMatch5.0.0beta4

phpphpMatch5.0.0rc1

phpphpMatch5.0.0rc2

phpphpMatch5.0.0rc3

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatch5.1.3

phpphpMatch5.1.4

phpphpMatch5.1.5

phpphpMatch5.1.6

phpphpMatch5.2.0

phpphpMatch5.2.1

phpphpMatch5.2.2

phpphpMatch5.2.3

phpphpMatch5.2.4

phpphpMatch5.2.5

phpphpMatch5.2.6

phpphpMatch5.2.7

phpphpMatch5.2.8

phpphpMatch5.2.9

phpphpMatch5.2.10

References

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

marc.info/?l=bugtraq&m=127680701405735&w=2

secunia.com/advisories/37821

secunia.com/advisories/38648

secunia.com/advisories/40262

secunia.com/advisories/41480

secunia.com/advisories/41490

support.apple.com/kb/HT4077

www.debian.org/security/2010/dsa-2001

www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995

www.mandriva.com/security/advisories?name=MDVSA-2010:045

www.php.net/ChangeLog-5.php

www.php.net/releases/5_2_12.php

www.securityfocus.com/bid/37390

www.vupen.com/english/advisories/2009/3593

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.015

Percentile

86.8%

JSON

Related for NVD:CVE-2009-4143

openvas18 ubuntucve1 seebug1 cve1 cvelist1 prion1 nessus13 debian4 osv2 ubuntu1 securityvulns4 slackware1 freebsd1 gentoo1 threatpost1