2.1

CVE-2009-0754

Exploit
PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version4.4.4
   ApacheApache
PhpPhp Version5.1.6
   ApacheApache
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.95% 0.565
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:P/A:N
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/34642
http://secunia.com/advisories/35003
http://www.debian.org/security/2009/dsa-1789
http://secunia.com/advisories/35306
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://secunia.com/advisories/34830
http://secunia.com/advisories/35007
https://usn.ubuntu.com/761-1/
http://bugs.php.net/bug.php?id=27421
Vendor Advisory
Exploit
http://www.openwall.com/lists/oss-security/2009/01/30/1
http://www.openwall.com/lists/oss-security/2009/02/03/3
http://www.openwall.com/lists/oss-security/2009/02/25/3
http://www.securitytracker.com/id?1021979
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11035