Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2009-3291
HistorySep 22, 2009 - 12:00 a.m.

CVE-2009-3291

2009-09-2200:00:00
ubuntu.com
ubuntu.com
11

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

84.9%

JSON

The php_openssl_apply_verification_policy function in PHP before 5.2.11
does not properly perform certificate validation, which has unknown impact
and attack vectors, probably related to an ability to spoof certificates.

Bugs

Notes

Author Note
mdeslaur NUL (‘\0’) character embedded in X509 certificate’s CommonName or subjectAltName given RH’s analysis of this issue, reprioritizing as “low”
OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchphp5< 5.1.2-1ubuntu3.17UNKNOWN
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.9UNKNOWN
ubuntu8.10noarchphp5< 5.2.6-2ubuntu4.5UNKNOWN
ubuntu9.04noarchphp5< 5.2.6.dfsg.1-3ubuntu4.4UNKNOWN
ubuntu9.10noarchphp5< 5.2.10.dfsg.1-2ubuntu6.3UNKNOWN

Related

prion 1
cve 1
veracode 1
openvas 42
freebsd 1
nessus 20
securityvulns 2
slackware 1
seebug 1
debian 2
osv 1
redhat 1
oraclelinux 1
centos 1
ubuntu 1
gentoo 1
prion
prion
Code injection
2009-09-22 10:30:00
cve
cve
CVE-2009-3291
2009-09-22 10:30:00
veracode
veracode
Spoofing Attack
2020-04-10 00:42:39
openvas
openvas
FreeBSD Ports: php5
2009-10-19 00:00:00
Mandrake Security Advisory MDVSA-2009:248 (php)
2009-09-28 00:00:00
Slackware Advisory SSA:2009-276-02 php
2012-09-11 00:00:00
freebsd
freebsd
php5 -- Multiple security issues
2009-09-17 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : php (MDVSA-2009:248)
2010-07-30 00:00:00
FreeBSD : php5 -- Multiple security issues (437a68cf-b752-11de-b6eb-00e0815b8da8)
2009-10-13 00:00:00
Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : php (SSA:2009-276-02)
2009-10-05 00:00:00
securityvulns
securityvulns
[ MDVSA-2009:248 ] php
2009-09-28 00:00:00
PHP multiple security vulnerabilities
2009-10-20 00:00:00
slackware
slackware
php
2009-10-04 00:01:56
seebug
seebug
PHP 5.2.11版本修复多个安全漏洞
2009-09-23 00:00:00
debian
debian
[SECURITY] [DSA-1940-1] New php5 packages fix several issues
2009-11-25 21:48:09
[SECURITY] [DSA-1940-1] New php5 packages fix several issues
2009-11-25 21:48:09
osv
osv
php5 - multiple issues
2009-11-25 00:00:00
redhat
redhat
(RHSA-2010:0040) Moderate: php security update
2010-01-13 00:00:00
oraclelinux
oraclelinux
php security update
2010-01-13 00:00:00
centos
centos
php security update
2010-01-13 22:42:15
ubuntu
ubuntu
PHP vulnerabilities
2009-11-26 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2010-01-05 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

84.9%

JSON
Related for UB:CVE-2009-3291
prion1cve1veracode1openvas42freebsd1nessus20securityvulns2slackware1seebug1debian2osv1redhat1oraclelinux1centos1ubuntu1gentoo1