
CVE-2009-0754

low

Description

PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.

References

http://bugs.php.net/bug.php?id=27421

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

http://secunia.com/advisories/34642

http://secunia.com/advisories/34830

http://secunia.com/advisories/35003

http://secunia.com/advisories/35007

http://secunia.com/advisories/35306

http://www.debian.org/security/2009/dsa-1789

http://www.openwall.com/lists/oss-security/2009/01/30/1

http://www.openwall.com/lists/oss-security/2009/02/03/3

http://www.openwall.com/lists/oss-security/2009/02/25/3

http://www.redhat.com/support/errata/RHSA-2009-0350.html

http://www.securitytracker.com/id?1021979

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11035

https://usn.ubuntu.com/761-1/

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html

Details

Source: MITRE

Published: 2009-03-03

Updated: 2018-10-03

Type: CWE-134

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW
