2.1

CVE-2009-0754

Exploit

EPSS 0.21%
Published 03.03.2009 16:30:05
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.

Affected products Warnungen 0 Metrics 2 CWE 1 References 20

Data is provided by the National Vulnerability Database (NVD)

Php ≫ Php Version4.4.4

Apache ≫ Apache

Php ≫ Php Version5.1.6

Apache ≫ Apache

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.21%	0.44

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

http://secunia.com/advisories/34642

http://secunia.com/advisories/35003

http://www.debian.org/security/2009/dsa-1789

http://secunia.com/advisories/35306

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html

http://www.redhat.com/support/errata/RHSA-2009-0350.html

http://secunia.com/advisories/34830

http://secunia.com/advisories/35007

https://usn.ubuntu.com/761-1/

http://bugs.php.net/bug.php?id=27421

Vendor Advisory

Exploit

http://www.openwall.com/lists/oss-security/2009/01/30/1

http://www.openwall.com/lists/oss-security/2009/02/03/3

http://www.openwall.com/lists/oss-security/2009/02/25/3

http://www.securitytracker.com/id?1021979

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11035

https://nvd.nist.gov/vuln/detail/CVE-2009-0754

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0754

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0754

EUVD