Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:15209
HistoryJan 08, 2010 - 12:00 a.m.

PHP mbstring.func_overload Webserver本地拒绝服务漏洞

2010-01-0800:00:00
Root
www.seebug.org
21

0.0004 Low

EPSS

Percentile

0.4%

JSON

BUGTRAQ ID: 33542
CVE ID: CVE-2009-0754

PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。

运行在Apache上的PHP允许本地用户通过修改.htaccess中的mbstring.func_overload设置来修改同一Web服务器上所承载的其他站点的行为,将设置应用到同一服务器的其他虚拟主机,导致无法正确的处理多字节字符串。

PHP PHP 5.1.6
PHP PHP 4.4.4
厂商补丁:

PHP

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://snaps.php.net/

RedHat

RedHat已经为此发布了一个安全公告(Moderate: php security update)以及相应补丁:
Moderate: php security update:Moderate: php security update
链接:https://www.redhat.com/support/errata/Moderate-Moderate:.html

Gentoo

Gentoo已经为此发布了一个安全公告(GLSA 201001-03)以及相应补丁:
GLSA 201001-03:PHP: Multiple vulnerabilities
链接:http://security.gentoo.org/glsa/201001-03.xml

Related

veracode 1
ubuntucve 1
securityvulns 2
cve 1
openvas 45
prion 1
nessus 19
ubuntu 1
oraclelinux 2
redhat 3
centos 2
debian 1
osv 1
fedora 4
gentoo 1
veracode
veracode
Authorization Bypass
2020-04-10 00:31:24
ubuntucve
ubuntucve
CVE-2009-0754
2009-03-03 00:00:00
securityvulns
securityvulns
PHP unauthorized access
2009-03-06 00:00:00
[ MDVSA-2009:066 ] php
2009-03-06 00:00:00
cve
cve
CVE-2009-0754
2009-03-03 16:30:00
openvas
openvas
Mandrake Security Advisory MDVSA-2009:066 (php)
2009-03-07 00:00:00
PHP 'mbstring.func_overload' DoS Vulnerability
2009-03-17 00:00:00
Mandrake Security Advisory MDVSA-2009:066 (php)
2009-03-07 00:00:00
prion
prion
Code injection
2009-03-03 16:30:00
nessus
nessus
Mandriva Linux Security Advisory : php (MDVSA-2009:066)
2009-04-23 00:00:00
openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-593)
2009-07-21 00:00:00
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-6068)
2009-04-03 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2009-04-20 00:00:00
oraclelinux
oraclelinux
php security update
2009-04-06 00:00:00
php security update
2009-04-06 00:00:00
redhat
redhat
(RHSA-2009:0337) Moderate: php security update
2009-04-06 00:00:00
(RHSA-2009:0338) Moderate: php security update
2009-04-06 00:00:00
(RHSA-2009:0350) Moderate: php security update
2009-04-14 00:00:00
centos
centos
php security update
2009-04-06 17:44:07
php security update
2009-04-07 12:21:16
debian
debian
[SECURITY] [DSA 1789-1] New php5 packages fix several vulnerabilities
2009-05-04 20:58:11
osv
osv
php5 - several vulnerabilities
2009-05-04 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: php-5.2.9-2.fc10
2009-05-30 02:34:40
[SECURITY] Fedora 9 Update: php-5.2.9-2.fc9
2009-05-30 02:38:47
[SECURITY] Fedora 9 Update: maniadrive-1.2-13.fc9
2009-05-30 02:38:47
gentoo
gentoo
PHP: Multiple vulnerabilities
2010-01-05 00:00:00

0.0004 Low

EPSS

Percentile

0.4%

JSON
Related for SSV:15209
veracode1ubuntucve1securityvulns2cve1openvas45prion1nessus19ubuntu1oraclelinux2redhat3centos2debian1osv1fedora4gentoo1