Lucene search

PRIOn knowledge basePRION:CVE-2009-3291

HistorySep 22, 2009 - 10:30 a.m.

Code injection

2009-09-2210:30:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

84.7%

JSON

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

CPENameOperatorVersion
phpeq4.3.9
phpeq4.4.9
phpeq3.0
phpeq5.2.9
phpeq4.0 beta1
phpeq3.0.5
phpeq3.0.11
phpeq5.1.5
phpeq5.1.2
phpeq4.0 beta4

Name	Operator	Version
php	eq	4.3.9
php	eq	4.4.9
php	eq	3.0
php	eq	5.2.9
php	eq	4.0 beta1
php	eq	3.0.5
php	eq	3.0.11
php	eq	5.1.5
php	eq	5.1.2
php	eq	4.0 beta4

Rows per page:

1-10 of 1121

References

lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

secunia.com/advisories/36791

secunia.com/advisories/37482

secunia.com/advisories/40262

support.apple.com/kb/HT3937

www.debian.org/security/2009/dsa-1940

www.osvdb.org/58185

www.php.net/ChangeLog-5.php

www.php.net/releases/5_2_11.php

www.securitytracker.com/id?1022914

www.vupen.com/english/advisories/2009/3184

exchange.xforce.ibmcloud.com/vulnerabilities/53334

marc.info/?l=bugtraq&m=127680701405735&w=2

marc.info/?l=bugtraq&m=130497311408250&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10438

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7394

6.5 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

84.7%

JSON

Related for PRION:CVE-2009-3291