Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2009-4017
HistoryNov 24, 2009 - 12:30 a.m.

CVE-2009-4017

2009-11-2400:30:00
CWE-770
[email protected]
web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

JSON

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.

Affected configurations

NVD
Node
phpphpRange<5.2.12
OR
phpphpMatch5.3.0-
OR
phpphpMatch5.3.0alpha1
OR
phpphpMatch5.3.0alpha2
OR
phpphpMatch5.3.0alpha3
OR
phpphpMatch5.3.0beta1
OR
phpphpMatch5.3.0rc1
OR
phpphpMatch5.3.0rc2
OR
phpphpMatch5.3.0rc3
OR
phpphpMatch5.3.0rc4
Node
applemac_os_xMatch10.6.3
OR
debiandebian_linuxMatch4.0
OR
debiandebian_linuxMatch5.0
OR
debiandebian_linuxMatch6.0

References

Related

openvas 37
veracode 1
prion 1
f5 4
cvelist 1
cve 1
ubuntucve 1
fedora 2
nessus 25
slackware 1
freebsd 1
securityvulns 2
redhat 1
oraclelinux 1
centos 1
ubuntu 1
gentoo 1
threatpost 1
openvas
openvas
Mandriva Security Advisory MDVSA-2009:305 (php)
2009-12-10 00:00:00
Mandriva Security Advisory MDVSA-2009:305 (php)
2009-12-10 00:00:00
PHP < 5.3.1 Multiple Vulnerabilities
2009-11-23 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-10 00:42:40
prion
prion
Design/Logic Flaw
2009-11-24 00:30:00
f5
f5
SOL13993 - Cross-site URL redirection attack vulnerability CVE-2009-4017
2012-11-02 00:00:00
SOL13279 - PHP vulnerability CVE-2009-4017
2012-01-13 00:00:00
K13279 : PHP vulnerability CVE-2009-4017
2013-09-12 00:00:00
cvelist
cvelist
CVE-2009-4017
2009-11-24 00:00:00
cve
cve
CVE-2009-4017
2009-11-24 00:30:00
ubuntucve
ubuntucve
CVE-2009-4017
2009-11-23 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: maniadrive-1.2-17.fc11
2010-02-01 01:09:42
[SECURITY] Fedora 11 Update: php-5.2.12-1.fc11
2010-02-01 01:09:42
nessus
nessus
Mandriva Linux Security Advisory : php (MDVSA-2009:304)
2009-11-30 00:00:00
Fedora 11 : maniadrive-1.2-17.fc11 / php-5.2.12-1.fc11 (2010-0495)
2010-07-01 00:00:00
Mandriva Linux Security Advisory : php (MDVSA-2009:303)
2010-07-30 00:00:00
slackware
slackware
[slackware-security] php
2010-01-25 05:20:07
freebsd
freebsd
php -- multiple vulnerabilities
2009-12-17 00:00:00
securityvulns
securityvulns
PHP 5.2.12 Release Announcement
2010-01-08 00:00:00
[security bulletin] HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage &#40;SMH&#41; for Linux and Windows, Remote Cross Site Scripting &#40;XSS&#41;, HTTP Response Splitting, and Other Vulnerabilities
2010-09-17 00:00:00
redhat
redhat
(RHSA-2010:0040) Moderate: php security update
2010-01-13 00:00:00
oraclelinux
oraclelinux
php security update
2010-01-13 00:00:00
centos
centos
php security update
2010-01-13 22:42:15
ubuntu
ubuntu
PHP vulnerabilities
2009-11-26 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2010-01-05 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

JSON
Related for NVD:CVE-2009-4017
openvas37veracode1prion1f54cvelist1cve1ubuntucve1fedora2nessus25slackware1freebsd1securityvulns2redhat1oraclelinux1centos1ubuntu1gentoo1threatpost1