10
CVE-2009-4143
- EPSS 2.95%
- Veröffentlicht 21.12.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:13:07
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.95% | 0.854 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://support.apple.com/kb/HT4077
http://www.php.net/ChangeLog-5.php
http://marc.info/?l=bugtraq&m=127680701405735&w=2
http://secunia.com/advisories/40262
http://secunia.com/advisories/41480
http://secunia.com/advisories/41490
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
http://secunia.com/advisories/37821
http://www.php.net/releases/5_2_12.php
http://www.vupen.com/english/advisories/2009/3593
http://secunia.com/advisories/38648
http://www.debian.org/security/2010/dsa-2001
http://www.mandriva.com/security/advisories?name=MDVSA-2010:045
http://www.securityfocus.com/bid/37390
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439