PT-2009-3367 · Php+1 · Php+1

Jan Lieskovsky

Publicado

2009-03-03

Atualizado

2018-10-03

CVE-2009-0754

CVSS v2.0

2.1

Baixa

Vetor

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions PHP versions 4.4.4, 5.1.6, and other versions

Description The issue allows local users to modify the behavior of other sites hosted on the same web server by modifying the mbstring.func overload setting within .htaccess. This causes the setting to be applied to other virtual hosts on the same server, potentially leading to unintended behavior.

Recommendations For PHP versions 4.4.4 and 5.1.6, consider restricting access to the .htaccess file to prevent modification of the mbstring.func overload setting. For other affected versions, restrict modifications to the mbstring.func overload setting within .htaccess to prevent its application to other virtual hosts.

Exploit

Correção

Use of Externally-Controlled Format String

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-134

Identificadores relacionados

CVE-2009-0754

DSA-1789-1

RHSA-2009:0337

RHSA-2009:0338

RHSA-2009:0350

RHSA-2009_0337

RHSA-2009_0338

Produtos afetados

Php

Red Hat

PT-2009-3367 · Php+1 · Php+1

CVE-2009-0754

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 33