Lucene search

K

[email protected]NVD:CVE-2009-1272

HistoryApr 08, 2009 - 6:30 p.m.

CVE-2009-1272

2009-04-0818:30:00

CWE-20

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.3 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.2%

The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction.

Affected configurations

NVD

Node

phpphpMatch5.2.0

OR

phpphpMatch5.2.1

OR

phpphpMatch5.2.2

OR

phpphpMatch5.2.3

OR

phpphpMatch5.2.4

OR

phpphpMatch5.2.4windows

OR

phpphpMatch5.2.5

OR

phpphpMatch5.2.6

OR

phpphpMatch5.2.7

OR

phpphpMatch5.2.8

References

cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.1.2.48&r2=1.1.2.49

lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

marc.info/?l=bugtraq&m=125017764422557&w=2

secunia.com/advisories/35685

secunia.com/advisories/36701

support.apple.com/kb/HT3865

www.openwall.com/lists/oss-security/2009/04/01/9

www.openwall.com/lists/oss-security/2009/04/09/1

www.php.net/releases/5_2_9.php

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.3 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.2%

Related for NVD:CVE-2009-1272

cve1 prion1 openvas12 cvelist1 ubuntucve1 nessus5 securityvulns1 gentoo1