2.1

CVE-2009-0754

Exploit

EPSS 0.21%
Veröffentlicht 03.03.2009 16:30:05
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 20

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Php ≫ Php Version4.4.4

Apache ≫ Apache

Php ≫ Php Version5.1.6

Apache ≫ Apache

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.439

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

http://secunia.com/advisories/34642

http://secunia.com/advisories/35003

http://www.debian.org/security/2009/dsa-1789

http://secunia.com/advisories/35306

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html

http://www.redhat.com/support/errata/RHSA-2009-0350.html

http://secunia.com/advisories/34830

http://secunia.com/advisories/35007

https://usn.ubuntu.com/761-1/

http://bugs.php.net/bug.php?id=27421

Vendor Advisory

Exploit

http://www.openwall.com/lists/oss-security/2009/01/30/1

http://www.openwall.com/lists/oss-security/2009/02/03/3

http://www.openwall.com/lists/oss-security/2009/02/25/3

http://www.securitytracker.com/id?1021979

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11035

https://nvd.nist.gov/vuln/detail/CVE-2009-0754

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0754

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0754

EUVD