[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-3291Date: (C)2009-09-22   (M)2024-04-19


The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1022914
SECUNIA-36791
SECUNIA-37482
SECUNIA-40262
OSVDB-58185
ADV-2009-3184
APPLE-SA-2009-11-09-1
DSA-1940
HPSBUX02543
SSRT090208
SUSE-SR:2009:017
http://support.apple.com/kb/HT3937
http://www.php.net/ChangeLog-5.php#5.2.11
http://www.php.net/releases/5_2_11.php
oval:org.mitre.oval:def:10438
oval:org.mitre.oval:def:7394
php-certificate-unspecified(53334)

CPE    97
cpe:/a:php:php:5.0.0:rc3
cpe:/a:php:php:3.0
cpe:/a:php:php:5.0.0:rc2
cpe:/a:php:php:5.0.0:rc1
...
CWE    1
CWE-20
OVAL    13
oval:org.secpod.oval:def:600424
oval:org.secpod.oval:def:700393
oval:org.secpod.oval:def:200125
oval:org.secpod.oval:def:300731
...

© SecPod Technologies