exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2009-4143

Status Candidate

Overview

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.

Related Files

HP Security Bulletin HPSBMA02568 SSRT100219
Posted Sep 17, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP System Management

tags | advisory, vulnerability
advisories | CVE-2010-3010, CVE-2010-3011, CVE-2010-2068, CVE-2009-4143, CVE-2009-4018, CVE-2009-4017, CVE-2009-3555
SHA-256 | 4f3a1130660537776ac3b87a044ba9ef2437af279d73c30808b2d52cca21894d
HP Security Bulletin HPSBUX02543 SSRT100152
Posted Jun 19, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache with PHP. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) gain unauthorized access, and perform cross site scripting (XSS).

tags | advisory, denial of service, php, vulnerability, xss
systems | hpux
advisories | CVE-2009-2687, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3557, CVE-2009-4017, CVE-2009-4018, CVE-2009-4142, CVE-2009-4143
SHA-256 | c1954c41fb731ee70c50740ef529fcd3936287138bfd2ad9872394c9aa5a8553
Mandriva Linux Security Advisory 2010-045
Posted Feb 24, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-045 - PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, php
systems | linux, mandriva
advisories | CVE-2009-4143
SHA-256 | 5e1d79fbc714c342600f61a55faaf39702ec104c83371e68e25ff475aa0b22d2
Debian Linux Security Advisory 2001-1
Posted Feb 20, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2001-1 - Several remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor.

tags | advisory, remote, php, vulnerability
systems | linux, debian
advisories | CVE-2009-4142, CVE-2009-4143
SHA-256 | 47ce4bcadf3285a7bf3d80e1343752dc3b64068d96f73b4b6352d6ac447f427d
Ubuntu Security Notice 882-1
Posted Jan 14, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 882-1 - Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. It was discovered that the htmlspecialchars function did not properly handle certain character sequences, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. Stefan Esser discovered that PHP did not properly handle session data. An attacker could exploit this issue to bypass safe_mode or open_basedir restrictions.

tags | advisory, remote, denial of service, php, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2009-2626, CVE-2009-4142, CVE-2009-4143
SHA-256 | cd84529d17d2626ad3cfc09945cde3a151f1ded241b92b2d05de3bbf06264243
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close