[Forgot Password]
Login  Register Subscribe

23631

 
 

125613

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-3291

Date: (C)2009-09-22   (M)2017-11-18 


The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

CVSS Score: 7.5Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
SECTRACK-1022914
SECUNIA-36791
SECUNIA-37482
SECUNIA-40262
OSVDB-58185
ADV-2009-3184
APPLE-SA-2009-11-09-1
DSA-1940
HPSBOV02683
HPSBUX02543
SSRT090208
SSRT100152
SUSE-SR:2009:017
http://support.apple.com/kb/HT3937
http://www.php.net/ChangeLog-5.php#5.2.11
http://www.php.net/releases/5_2_11.php
php-certificate-unspecified(53334)

CPE    102
cpe:/a:php:php:5
cpe:/a:php:php:4.3
cpe:/a:php:php:4.2
cpe:/a:php:php:4.0
...
CWE    1
CWE-20
OVAL    13
oval:org.secpod.oval:def:300731
oval:org.secpod.oval:def:300489
oval:org.secpod.oval:def:300623
oval:org.secpod.oval:def:200125
...

© 2013 SecPod Technologies