Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2009-AVI-510
Vulnerability from certfr_avis
Plusieurs vulnérabilités affectant PHP ont été corrigées. Elles permettent, entre autre, de contourner la politique de sécurité.
Description
Plusieurs vulnérabilités dans PHP permettant, entre autre, le contournement de la politique de sécurité ont été corrigées. Une personne malveillante peut par exemple, à l'aide d'un fichier spécialement réalisé, créer des fichiers dans les répertoires autorisés en écriture.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Les versions de PHP antérieures à la 5.3.1.
Impacted products
Vendor | Product | Description |
---|
References
Title | Publication Time | Tags | |
---|---|---|---|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [], "affected_systems_content": "\u003cp\u003eLes versions de PHP ant\u00e9rieures \u00e0 la 5.3.1.\u003c/p\u003e", "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans PHP permettant, entre autre, le\ncontournement de la politique de s\u00e9curit\u00e9 ont \u00e9t\u00e9 corrig\u00e9es. Une\npersonne malveillante peut par exemple, \u00e0 l\u0027aide d\u0027un fichier\nsp\u00e9cialement r\u00e9alis\u00e9, cr\u00e9er des fichiers dans les r\u00e9pertoires autoris\u00e9s\nen \u00e9criture.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2009-3292", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3292" }, { "name": "CVE-2009-3558", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3558" }, { "name": "CVE-2009-3557", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3557" }, { "name": "CVE-2009-4017", "url": "https://www.cve.org/CVERecord?id=CVE-2009-4017" } ], "initial_release_date": "2009-11-23T00:00:00", "last_revision_date": "2009-11-27T00:00:00", "links": [ { "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1940 du 13 novembre 2009 :", "url": "http://www.debian.org/security/2009/dsa-1940" }, { "title": "Bulletin de mise \u00e0 jour de PHP 3.5.1 :", "url": "http://www.php.net/releases/5_3_1.php" }, { "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SR:2009:017 du 26 octobre 2009 :", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" } ], "reference": "CERTA-2009-AVI-510", "revisions": [ { "description": "version initiale.", "revision_date": "2009-11-23T00:00:00.000000" }, { "description": "ajout des r\u00e9f\u00e9rences CVE et des bulletins de s\u00e9curit\u00e9 Debian et SuSE.", "revision_date": "2009-11-27T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" } ], "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant PHP ont \u00e9t\u00e9 corrig\u00e9es. Elles\npermettent, entre autre, de contourner la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de mise \u00e0 jour de PHP 5.3.1", "url": null } ] }
CVE-2009-3558 (GCVE-0-2009-3558)
Vulnerability from cvelistv5
Published
2009-11-23 17:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:31:10.377Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/3" }, { "name": "6600", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/6600" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/releases/5_2_12.php" }, { "name": "[php-announce] 20091119 5.3.1 Release announcement", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://news.php.net/php.announce/79" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.php.net/viewvc?view=revision\u0026revision=288943" }, { "name": "MDVSA-2009:285", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:285" }, { "name": "37821", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37821" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/posix/posix.c?view=log" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "[oss-security] 20091120 CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/releases/5_3_1.php" }, { "name": "ADV-2009-3593", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3593" }, { "name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/5" }, { "name": "37412", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37412" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/posix/posix.c?view=log" }, { "name": "MDVSA-2009:302", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302" }, { "name": "MDVSA-2009:303", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:303" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-01T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/3" }, { "name": "6600", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/6600" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/releases/5_2_12.php" }, { "name": "[php-announce] 20091119 5.3.1 Release announcement", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://news.php.net/php.announce/79" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.php.net/viewvc?view=revision\u0026revision=288943" }, { "name": "MDVSA-2009:285", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:285" }, { "name": "37821", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37821" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/posix/posix.c?view=log" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "[oss-security] 20091120 CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/releases/5_3_1.php" }, { "name": "ADV-2009-3593", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3593" }, { "name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/5" }, { "name": "37412", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37412" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/posix/posix.c?view=log" }, { "name": "MDVSA-2009:302", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302" }, { "name": "MDVSA-2009:303", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:303" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3558", "datePublished": "2009-11-23T17:00:00", "dateReserved": "2009-10-05T00:00:00", "dateUpdated": "2024-08-07T06:31:10.377Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-3557 (GCVE-0-2009-3557)
Vulnerability from cvelistv5
Published
2009-11-23 17:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:31:10.549Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/releases/5_2_12.php" }, { "name": "40262", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40262" }, { "name": "6601", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/6601" }, { "name": "[php-announce] 20091119 5.3.1 Release announcement", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://news.php.net/php.announce/79" }, { "name": "HPSBUX02543", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2" }, { "name": "MDVSA-2009:285", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:285" }, { "name": "37821", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37821" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/file.c?view=log" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "[oss-security] 20091120 CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/releases/5_3_1.php" }, { "name": "ADV-2009-3593", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3593" }, { "name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/5" }, { "name": "37412", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37412" }, { "name": "MDVSA-2009:302", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302" }, { "name": "oval:org.mitre.oval:def:7396", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7396" }, { "name": "SSRT100152", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.php.net/viewvc?view=revision\u0026revision=288945" }, { "name": "MDVSA-2009:303", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:303" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/file.c?view=log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/releases/5_2_12.php" }, { "name": "40262", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40262" }, { "name": "6601", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/6601" }, { "name": "[php-announce] 20091119 5.3.1 Release announcement", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://news.php.net/php.announce/79" }, { "name": "HPSBUX02543", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2" }, { "name": "MDVSA-2009:285", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:285" }, { "name": "37821", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37821" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/file.c?view=log" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "[oss-security] 20091120 CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/releases/5_3_1.php" }, { "name": "ADV-2009-3593", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3593" }, { "name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/5" }, { "name": "37412", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37412" }, { "name": "MDVSA-2009:302", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302" }, { "name": "oval:org.mitre.oval:def:7396", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7396" }, { "name": "SSRT100152", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.php.net/viewvc?view=revision\u0026revision=288945" }, { "name": "MDVSA-2009:303", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:303" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/file.c?view=log" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3557", "datePublished": "2009-11-23T17:00:00", "dateReserved": "2009-10-05T00:00:00", "dateUpdated": "2024-08-07T06:31:10.549Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4017 (GCVE-0-2009-4017)
Vulnerability from cvelistv5
Published
2009-11-24 00:00
Modified
2024-08-07 06:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:50.952Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:6667", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/releases/5_2_12.php" }, { "name": "37482", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37482" }, { "name": "40262", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40262" }, { "name": "[php-announce] 20091119 5.3.1 Release announcement", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://news.php.net/php.announce/79" }, { "name": "HPSBUX02543", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2" }, { "name": "MDVSA-2009:305", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:305" }, { "name": "37821", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37821" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "20091120 PHP \"multipart/form-data\" denial of service", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507982/100/0/threaded" }, { "name": "41490", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41490" }, { "name": "HPSBMA02568", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/" }, { "name": "DSA-1940", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1940" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/7" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "[oss-security] 20091120 CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/releases/5_3_1.php" }, { "name": "ADV-2009-3593", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3593" }, { "name": "oval:org.mitre.oval:def:10483", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483" }, { "name": "SSRT100219", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "name": "41480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41480" }, { "name": "SSRT100152", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2" }, { "name": "20091120 PHP \"multipart/form-data\" denial of service", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2009/Nov/228" }, { "name": "MDVSA-2009:303", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:303" }, { "name": "php-multipart-formdata-dos(54455)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54455" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-19T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "oval:org.mitre.oval:def:6667", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/releases/5_2_12.php" }, { "name": "37482", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37482" }, { "name": "40262", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40262" }, { "name": "[php-announce] 20091119 5.3.1 Release announcement", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://news.php.net/php.announce/79" }, { "name": "HPSBUX02543", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2" }, { "name": "MDVSA-2009:305", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:305" }, { "name": "37821", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37821" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "20091120 PHP \"multipart/form-data\" denial of service", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507982/100/0/threaded" }, { "name": "41490", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41490" }, { "name": "HPSBMA02568", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/" }, { "name": "DSA-1940", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1940" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/7" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "[oss-security] 20091120 CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/releases/5_3_1.php" }, { "name": "ADV-2009-3593", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3593" }, { "name": "oval:org.mitre.oval:def:10483", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483" }, { "name": "SSRT100219", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "name": "41480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41480" }, { "name": "SSRT100152", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2" }, { "name": "20091120 PHP \"multipart/form-data\" denial of service", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2009/Nov/228" }, { "name": "MDVSA-2009:303", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:303" }, { "name": "php-multipart-formdata-dos(54455)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54455" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-4017", "datePublished": "2009-11-24T00:00:00", "dateReserved": "2009-11-20T00:00:00", "dateUpdated": "2024-08-07T06:45:50.952Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-3292 (GCVE-0-2009-3292)
Vulnerability from cvelistv5
Published
2009-09-22 10:00
Modified
2024-08-07 06:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:22:24.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/ChangeLog-5.php#5.2.11" }, { "name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/3" }, { "name": "37482", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37482" }, { "name": "40262", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40262" }, { "name": "[php-announce] 20091119 5.3.1 Release announcement", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://news.php.net/php.announce/79" }, { "name": "HPSBUX02543", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/releases/5_2_11.php" }, { "name": "1022914", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022914" }, { "name": "58186", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/58186" }, { "name": "oval:org.mitre.oval:def:9982", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9982" }, { "name": "36791", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36791" }, { "name": "DSA-1940", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1940" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "[oss-security] 20091120 CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.php.net/releases/5_3_1.php" }, { "name": "37412", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37412" }, { "name": "MDVSA-2009:302", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302" }, { "name": "ADV-2009-3184", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3184" }, { "name": "SSRT100152", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2" }, { "name": "APPLE-SA-2009-11-09-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" }, { "name": "SUSE-SR:2009:017", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3937" }, { "name": "oval:org.mitre.oval:def:7652", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7652" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to \"missing sanity checks around exif processing.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/ChangeLog-5.php#5.2.11" }, { "name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/3" }, { "name": "37482", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37482" }, { "name": "40262", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40262" }, { "name": "[php-announce] 20091119 5.3.1 Release announcement", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://news.php.net/php.announce/79" }, { "name": "HPSBUX02543", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2" }, { "name": "SSRT090208", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/releases/5_2_11.php" }, { "name": "1022914", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022914" }, { "name": "58186", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/58186" }, { "name": "oval:org.mitre.oval:def:9982", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9982" }, { "name": "36791", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36791" }, { "name": "DSA-1940", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1940" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "HPSBOV02683", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "[oss-security] 20091120 CVE request: php 5.3.1 update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.php.net/releases/5_3_1.php" }, { "name": "37412", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37412" }, { "name": "MDVSA-2009:302", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302" }, { "name": "ADV-2009-3184", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3184" }, { "name": "SSRT100152", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2" }, { "name": "APPLE-SA-2009-11-09-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" }, { "name": "SUSE-SR:2009:017", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3937" }, { "name": "oval:org.mitre.oval:def:7652", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7652" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3292", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to \"missing sanity checks around exif processing.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.php.net/ChangeLog-5.php#5.2.11", "refsource": "CONFIRM", "url": "http://www.php.net/ChangeLog-5.php#5.2.11" }, { "name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/11/20/3" }, { "name": "37482", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37482" }, { "name": "40262", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40262" }, { "name": "[php-announce] 20091119 5.3.1 Release announcement", "refsource": "MLIST", "url": "http://news.php.net/php.announce/79" }, { "name": "HPSBUX02543", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2" }, { "name": "SSRT090208", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "http://www.php.net/releases/5_2_11.php", "refsource": "CONFIRM", "url": "http://www.php.net/releases/5_2_11.php" }, { "name": "1022914", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022914" }, { "name": "58186", "refsource": "OSVDB", "url": "http://www.osvdb.org/58186" }, { "name": "oval:org.mitre.oval:def:9982", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9982" }, { "name": "36791", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36791" }, { "name": "DSA-1940", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1940" }, { "name": "http://www.php.net/ChangeLog-5.php", "refsource": "CONFIRM", "url": "http://www.php.net/ChangeLog-5.php" }, { "name": "HPSBOV02683", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2" }, { "name": "[oss-security] 20091120 CVE request: php 5.3.1 update", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/11/20/2" }, { "name": "http://www.php.net/releases/5_3_1.php", "refsource": "CONFIRM", "url": "http://www.php.net/releases/5_3_1.php" }, { "name": "37412", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37412" }, { "name": "MDVSA-2009:302", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302" }, { "name": "ADV-2009-3184", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3184" }, { "name": "SSRT100152", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=127680701405735\u0026w=2" }, { "name": "APPLE-SA-2009-11-09-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" }, { "name": "SUSE-SR:2009:017", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" }, { "name": "http://support.apple.com/kb/HT3937", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3937" }, { "name": "oval:org.mitre.oval:def:7652", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7652" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3292", "datePublished": "2009-09-22T10:00:00", "dateReserved": "2009-09-22T00:00:00", "dateUpdated": "2024-08-07T06:22:24.335Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…