PRIOn knowledge basePRION:CVE-2009-4143

HistoryDec 21, 2009 - 4:30 p.m.

Memory corruption

2009-12-2116:30:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.015 Low

EPSS

Percentile

86.4%

JSON

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.

CPENameOperatorVersion
phpeq4.3.9
phpeq4.4.9
phpeq3.0
phpeq5.2.9
phpeq4.0 beta1
phpeq3.0.5
phpeq3.0.11
phpeq5.1.5
phpeq5.1.2
phpeq4.0 beta4

Name	Operator	Version
php	eq	4.3.9
php	eq	4.4.9
php	eq	3.0
php	eq	5.2.9
php	eq	4.0 beta1
php	eq	3.0.5
php	eq	3.0.11
php	eq	5.1.5
php	eq	5.1.2
php	eq	4.0 beta4

Rows per page:

1-10 of 1081

References

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

secunia.com/advisories/37821

secunia.com/advisories/38648

secunia.com/advisories/40262

secunia.com/advisories/41480

secunia.com/advisories/41490

support.apple.com/kb/HT4077

www.debian.org/security/2010/dsa-2001

www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995

www.mandriva.com/security/advisories?name=MDVSA-2010:045

www.php.net/ChangeLog-5.php

www.php.net/releases/5_2_12.php

www.securityfocus.com/bid/37390

www.vupen.com/english/advisories/2009/3593

marc.info/?l=bugtraq&m=127680701405735&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439

6.7 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.015 Low

EPSS

Percentile

86.4%

JSON

Related for PRION:CVE-2009-4143