Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2009-4143 | First vendor Publication | 2009-12-21 |
Vendor | Cve | Last vendor Modification | 2018-10-30 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13556 | |||
Oval ID: | oval:org.mitre.oval:def:13556 | ||
Title: | DSA-2002-1 polipo -- denial of service | ||
Description: | Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3305 A malicious remote server could cause polipo to crash by sending an invalid Cache-Control header. CVE-2009-4143 A malicious client could cause polipo to crash by sending a large Content-Length value. This upgrade also fixes some other bugs that could lead to a daemon crash or an infinite loop and may be triggerable remotely. For the stable distribution, these problems have been fixed in version 1.0.4-1+lenny1. For the testing distribution and the unstable distribution, these problems have been fixed in version 1.0.4-3. We recommend that you upgrade your polipo packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2002-1 CVE-2009-3305 CVE-2009-4413 CVE-2009-4143 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | polipo |
Definition Id: oval:org.mitre.oval:def:7439 | |||
Oval ID: | oval:org.mitre.oval:def:7439 | ||
Title: | HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS) | ||
Description: | PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4143 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:7445 | |||
Oval ID: | oval:org.mitre.oval:def:7445 | ||
Title: | DSA-2002 polipo -- denial of service | ||
Description: | Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy. The Common Vulnerabilities and Exposures project identifies the following problems: A malicious remote server could cause polipo to crash by sending an invalid Cache-Control header. A malicious client could cause polipo to crash by sending a large Content-Length value. This upgrade also fixes some other bugs that could lead to a daemon crash or an infinite loop and may be triggerable remotely. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2002 CVE-2009-3305 CVE-2009-4413 CVE-2009-4143 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | polipo |
OpenVAS Exploits
Date | Description |
---|---|
2010-06-23 | Name : HP-UX Update for Apache with PHP HPSBUX02543 File : nvt/gb_hp_ux_HPSBUX02543.nasl |
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2010-03-02 | Name : Mandriva Update for php MDVSA-2010:045 (php) File : nvt/gb_mandriva_MDVSA_2010_045.nasl |
2010-01-29 | Name : Mandriva Update for urpmi MDVA-2010:045 (urpmi) File : nvt/gb_mandriva_MDVA_2010_045.nasl |
2010-01-19 | Name : Ubuntu Update for php5 vulnerabilities USN-882-1 File : nvt/gb_ubuntu_USN_882_1.nasl |
2010-01-07 | Name : Gentoo Security Advisory GLSA 201001-03 (php) File : nvt/glsa_201001_03.nasl |
2009-12-30 | Name : FreeBSD Ports: php5 File : nvt/freebsd_php56.nasl |
2009-12-18 | Name : PHP < 5.2.12 Multiple Vulnerabilities File : nvt/php_dec_2009.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-024-02 php File : nvt/esoft_slk_ssa_2010_024_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61208 | PHP $_SESSION Interrupt Corruption Unspecified Issue |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-09-17 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_6_2_0_12.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201001-03.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2001.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2002.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-045.nasl - Type : ACT_GATHER_INFO |
2010-01-25 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-024-02.nasl - Type : ACT_GATHER_INFO |
2010-01-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-882-1.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_39a25a63eb5c11deb65000215c6a37bb.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote web server uses a version of PHP that is affected by multiple flaws. File : php_5_2_12.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2024-02-02 01:12:00 | |
2024-02-01 12:03:22 | |
2023-09-05 12:11:18 | |
2023-09-05 01:03:13 | |
2023-09-02 12:11:21 | |
2023-09-02 01:03:14 | |
2023-08-12 12:13:20 | |
2023-08-12 01:03:14 | |
2023-08-11 12:11:24 | |
2023-08-11 01:03:21 | |
2023-08-06 12:10:57 | |
2023-08-06 01:03:15 | |
2023-08-04 12:11:02 | |
2023-08-04 01:03:17 | |
2023-07-14 12:10:59 | |
2023-07-14 01:03:15 | |
2023-03-29 01:12:35 | |
2023-03-28 12:03:21 | |
2022-10-11 12:09:47 | |
2022-10-11 01:03:03 | |
2021-05-04 12:10:33 | |
2021-04-22 01:11:01 | |
2020-05-23 01:41:09 | |
2020-05-23 00:24:40 | |
2019-06-08 12:03:01 | |
2018-10-31 00:20:00 | |
2018-10-04 12:05:29 | |
2017-09-19 09:23:31 | |
2016-10-29 01:00:44 | |
2016-06-28 17:54:49 | |
2016-04-26 19:17:22 | |
2014-02-17 10:52:32 | |
2013-05-11 00:01:45 | |