CVE-2009-4143

Sažetak

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.

Reference

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://marc.info/?l=bugtraq&m=127680701405735&w=2
http://secunia.com/advisories/37821
http://secunia.com/advisories/38648
http://secunia.com/advisories/40262
http://secunia.com/advisories/41480
http://secunia.com/advisories/41490
http://support.apple.com/kb/HT4077
http://www.debian.org/security/2010/dsa-2001
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
http://www.mandriva.com/security/advisories?name=MDVSA-2010:045
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_2_12.php
http://www.securityfocus.com/bid/37390
http://www.vupen.com/english/advisories/2009/3593
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

30-10-2018 - 16:26

Objavljeno

21-12-2009 - 16:30