Lucene search
HistoryOct 03, 2022 - 4:24 p.m.
CVE-2009-4418
cve-2009-4418
php
unserialize
denial of service
vulnerability
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.8%
The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.
Affected configurations
Node
phpphpRange≤5.3.0
ORphpphpMatch5
ORphpphpMatch5.0rc1
ORphpphpMatch5.0rc2
ORphpphpMatch5.0rc3
ORphpphpMatch5.0.0
ORphpphpMatch5.0.0beta1
ORphpphpMatch5.0.0beta2
ORphpphpMatch5.0.0beta3
ORphpphpMatch5.0.0beta4
ORphpphpMatch5.0.0rc1
ORphpphpMatch5.0.0rc2
ORphpphpMatch5.0.0rc3
ORphpphpMatch5.0.1
ORphpphpMatch5.0.2
ORphpphpMatch5.0.3
ORphpphpMatch5.0.4
ORphpphpMatch5.0.5
ORphpphpMatch5.1.0
ORphpphpMatch5.1.1
ORphpphpMatch5.1.2
ORphpphpMatch5.1.3
ORphpphpMatch5.1.4
ORphpphpMatch5.1.5
ORphpphpMatch5.1.6
ORphpphpMatch5.2.0
ORphpphpMatch5.2.1
ORphpphpMatch5.2.2
ORphpphpMatch5.2.3
ORphpphpMatch5.2.4
ORphpphpMatch5.2.4windows
ORphpphpMatch5.2.5
ORphpphpMatch5.2.6
ORphpphpMatch5.2.7
ORphpphpMatch5.2.8
ORphpphpMatch5.2.9
ORphpphpMatch5.2.10
ORphpphpMatch5.2.11
Related
prion
prion
Design/Logic Flaw
2009-12-24 17:30:00
ubuntucve
ubuntucve
CVE-2009-4418
2009-12-24 00:00:00
cvelist
cvelist
CVE-2009-4418
2022-10-03 16:24:04
nvd
nvd
CVE-2009-4418
2009-12-24 17:30:00
openvas
openvas
PHP 'unserialize()' Function Denial of Service Vulnerability
2009-12-31 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.8%
Related for CVE-2009-4418