Lucene search

K
cveMitreCVE-2009-3291
HistorySep 22, 2009 - 10:30 a.m.

CVE-2009-3291

2009-09-2210:30:00
CWE-20
mitre
web.nvd.nist.gov
79
php
vulnerability
cve-2009-3291
certificate validation
spoofing

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

High

EPSS

0.012

Percentile

85.1%

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

Affected configurations

Nvd
Node
phpphpRange5.2.10
OR
phpphpMatch1.0
OR
phpphpMatch2.0
OR
phpphpMatch2.0b10
OR
phpphpMatch3.0
OR
phpphpMatch3.0.1
OR
phpphpMatch3.0.2
OR
phpphpMatch3.0.3
OR
phpphpMatch3.0.4
OR
phpphpMatch3.0.5
OR
phpphpMatch3.0.6
OR
phpphpMatch3.0.7
OR
phpphpMatch3.0.8
OR
phpphpMatch3.0.9
OR
phpphpMatch3.0.10
OR
phpphpMatch3.0.11
OR
phpphpMatch3.0.12
OR
phpphpMatch3.0.13
OR
phpphpMatch3.0.14
OR
phpphpMatch3.0.15
OR
phpphpMatch3.0.16
OR
phpphpMatch3.0.17
OR
phpphpMatch3.0.18
OR
phpphpMatch4
OR
phpphpMatch4.0
OR
phpphpMatch4.0beta_4_patch1
OR
phpphpMatch4.0beta1
OR
phpphpMatch4.0beta2
OR
phpphpMatch4.0beta3
OR
phpphpMatch4.0beta4
OR
phpphpMatch4.0rc1
OR
phpphpMatch4.0rc2
OR
phpphpMatch4.0.0
OR
phpphpMatch4.0.1
OR
phpphpMatch4.0.1patch1
OR
phpphpMatch4.0.1patch2
OR
phpphpMatch4.0.2
OR
phpphpMatch4.0.3
OR
phpphpMatch4.0.3patch1
OR
phpphpMatch4.0.4
OR
phpphpMatch4.0.4patch1
OR
phpphpMatch4.0.5
OR
phpphpMatch4.0.6
OR
phpphpMatch4.0.7
OR
phpphpMatch4.0.7rc1
OR
phpphpMatch4.0.7rc2
OR
phpphpMatch4.0.7rc3
OR
phpphpMatch4.0.7rc4
OR
phpphpMatch4.1.0
OR
phpphpMatch4.1.1
OR
phpphpMatch4.1.2
OR
phpphpMatch4.2dev
OR
phpphpMatch4.2.0
OR
phpphpMatch4.2.1
OR
phpphpMatch4.2.2
OR
phpphpMatch4.2.3
OR
phpphpMatch4.3.0
OR
phpphpMatch4.3.1
OR
phpphpMatch4.3.2
OR
phpphpMatch4.3.3
OR
phpphpMatch4.3.4
OR
phpphpMatch4.3.5
OR
phpphpMatch4.3.6
OR
phpphpMatch4.3.7
OR
phpphpMatch4.3.8
OR
phpphpMatch4.3.9
OR
phpphpMatch4.3.10
OR
phpphpMatch4.3.11
OR
phpphpMatch4.4.0
OR
phpphpMatch4.4.1
OR
phpphpMatch4.4.2
OR
phpphpMatch4.4.3
OR
phpphpMatch4.4.4
OR
phpphpMatch4.4.5
OR
phpphpMatch4.4.6
OR
phpphpMatch4.4.7
OR
phpphpMatch4.4.8
OR
phpphpMatch4.4.9
OR
phpphpMatch5
OR
phpphpMatch5.0rc1
OR
phpphpMatch5.0rc2
OR
phpphpMatch5.0rc3
OR
phpphpMatch5.0.0
OR
phpphpMatch5.0.0beta1
OR
phpphpMatch5.0.0beta2
OR
phpphpMatch5.0.0beta3
OR
phpphpMatch5.0.0beta4
OR
phpphpMatch5.0.0rc1
OR
phpphpMatch5.0.0rc2
OR
phpphpMatch5.0.0rc3
OR
phpphpMatch5.0.1
OR
phpphpMatch5.0.2
OR
phpphpMatch5.0.3
OR
phpphpMatch5.0.4
OR
phpphpMatch5.0.5
OR
phpphpMatch5.1.0
OR
phpphpMatch5.1.1
OR
phpphpMatch5.1.2
OR
phpphpMatch5.1.3
OR
phpphpMatch5.1.4
OR
phpphpMatch5.1.5
OR
phpphpMatch5.1.6
OR
phpphpMatch5.2.0
OR
phpphpMatch5.2.1
OR
phpphpMatch5.2.2
OR
phpphpMatch5.2.3
OR
phpphpMatch5.2.4
OR
phpphpMatch5.2.5
OR
phpphpMatch5.2.6
OR
phpphpMatch5.2.7
OR
phpphpMatch5.2.8
OR
phpphpMatch5.2.9
VendorProductVersionCPE
phpphp*cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
phpphp1.0cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*
phpphp2.0cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*
phpphp2.0b10cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*
phpphp3.0cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*
phpphp3.0.1cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*
phpphp3.0.2cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*
phpphp3.0.3cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*
phpphp3.0.4cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*
phpphp3.0.5cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*
Rows per page:
1-10 of 1121

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

High

EPSS

0.012

Percentile

85.1%