[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110210

 
 

909

 
 

86021

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2009-3291Date: (C)2009-09-22   (M)2018-06-11


The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 7.5
Exploit Score: Exploit Score: 10.0
Impact Score: Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: LOW
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: PARTIAL
Scope: Integrity: PARTIAL
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
SECTRACK-1022914
SECUNIA-36791
SECUNIA-37482
SECUNIA-40262
OSVDB-58185
ADV-2009-3184
APPLE-SA-2009-11-09-1
DSA-1940
HPSBOV02683
HPSBUX02543
SSRT090208
SSRT100152
SUSE-SR:2009:017
http://support.apple.com/kb/HT3937
http://www.php.net/ChangeLog-5.php#5.2.11
http://www.php.net/releases/5_2_11.php
php-certificate-unspecified(53334)

CPE    102
cpe:/a:php:php:5
cpe:/a:php:php:5.0.0:rc3
cpe:/a:php:php:3.0
cpe:/a:php:php:5.0.0:rc2
...
CWE    1
CWE-20
OVAL    13
oval:org.secpod.oval:def:700393
oval:org.secpod.oval:def:600424
oval:org.mitre.oval:def:7890
oval:org.secpod.oval:def:200034
...

© SecPod Technologies