PT-2009-3367 · Php+1 · Php+1

Jan Lieskovsky

Published

2009-03-03

Updated

2018-10-03

CVE-2009-0754

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions PHP versions 4.4.4, 5.1.6, and other versions

Description The issue allows local users to modify the behavior of other sites hosted on the same web server by modifying the mbstring.func overload setting within .htaccess. This causes the setting to be applied to other virtual hosts on the same server, potentially leading to unintended behavior.

Recommendations For PHP versions 4.4.4 and 5.1.6, consider restricting access to the .htaccess file to prevent modification of the mbstring.func overload setting. For other affected versions, restrict modifications to the mbstring.func overload setting within .htaccess to prevent its application to other virtual hosts.

Exploit

Fix

Use of Externally-Controlled Format String

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-134

Related Identifiers

CVE-2009-0754

DSA-1789-1

RHSA-2009:0337

RHSA-2009:0338

RHSA-2009:0350

RHSA-2009_0337

RHSA-2009_0338

Affected Products

Php

Red Hat

PT-2009-3367 · Php+1 · Php+1

CVE-2009-0754

Weakness Enumeration

Related Identifiers

Affected Products

References · 33