CVE-2009-3291

Date: (C)2009-09-22   (M)2017-09-22
 
CVSS Score: 7.5
Exploitability Subscore: 10.0
Impact Subscore: 6.4
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

Reference:
SECTRACK-1022914
SECUNIA-36791
SECUNIA-37482
SECUNIA-40262
OSVDB-58185
ADV-2009-3184
APPLE-SA-2009-11-09-1
DSA-1940
HPSBOV02683
HPSBUX02543
SSRT090208
SSRT100152
SUSE-SR:2009:017
http://support.apple.com/kb/HT3937
http://www.php.net/ChangeLog-5.php#5.2.11
http://www.php.net/releases/5_2_11.php
php-certificate-unspecified(53334)

CPE    102
cpe:/a:php:php:5
cpe:/a:php:php:5.2.10
cpe:/a:php:php:5.2.3
cpe:/a:php:php:5.2.4
...
CWE    1
CWE-20
OVAL    13
oval:org.secpod.oval:def:600424
oval:org.secpod.oval:def:300731
oval:org.mitre.oval:def:7890
oval:org.secpod.oval:def:300489
...

© 2013 SecPod Technologies