Vulnerability Description
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | <= 5.2.11 |
References
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://marc.info/?l=bugtraq&m=127680701405735&w=2
- http://secunia.com/advisories/37821Vendor Advisory
- http://secunia.com/advisories/38648Vendor Advisory
- http://secunia.com/advisories/40262Vendor Advisory
- http://secunia.com/advisories/41480Vendor Advisory
- http://secunia.com/advisories/41490Vendor Advisory
- http://support.apple.com/kb/HT4077
- http://www.debian.org/security/2010/dsa-2001
- http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:045
- http://www.php.net/ChangeLog-5.php
- http://www.php.net/releases/5_2_12.phpVendor Advisory
- http://www.securityfocus.com/bid/37390
- http://www.vupen.com/english/advisories/2009/3593Vendor Advisory
FAQ
What is CVE-2009-4143?
CVE-2009-4143 is a vulnerability with a CVSS score of 10.0 (HIGH). PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_p...
How severe is CVE-2009-4143?
CVE-2009-4143 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4143?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.