FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-4143

This CVE name corresponds to:

Entered Topic
2009-12-17 php -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2009-4143
Phase Assigned (20091201)

Description

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.

References

Source Reference
CONFIRM http://www.php.net/ChangeLog-5.php
CONFIRM http://www.php.net/releases/5_2_12.php
CONFIRM http://support.apple.com/kb/HT4077
APPLE APPLE-SA-2010-03-29-1
DEBIAN DSA-2001
HP HPSBUX02543
HP SSRT100152
HP HPSBMA02568
HP SSRT100219
MANDRIVA MDVSA-2010:045
BID 37390
OVAL oval:org.mitre.oval:def:7439
SECUNIA 37821
SECUNIA 38648
SECUNIA 40262
SECUNIA 41480
SECUNIA 41490
VUPEN ADV-2009-3593