Description
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
References (16)
[Vendor Advisory] http://www.php.net/releases/5_2_12.php (x_refsource_confirm)
[Vendor Advisory] http://secunia.com/advisories/40262 (third-party-advisory, x_refsource_secunia)
[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/37390 (vdb-entry, x_refsource_bid)
[Mailing List] http://marc.info/?l=bugtraq&m=127680701405735&w=2 (vendor-advisory, x_refsource_hp)
[Vendor Advisory] http://secunia.com/advisories/37821 (third-party-advisory, x_refsource_secunia)
[Vendor Advisory] http://secunia.com/advisories/38648 (third-party-advisory, x_refsource_secunia)
[Mailing List] http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html (vendor-advisory, x_refsource_apple)
[Vendor Advisory] http://secunia.com/advisories/41490 (third-party-advisory, x_refsource_secunia)
[Various Sources] http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 (vendor-advisory, x_refsource_hp)
[Vendor Advisory] http://www.php.net/ChangeLog-5.php (x_refsource_confirm)
[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2010:045 (vendor-advisory, x_refsource_mandriva)
[Vendor Advisory] http://support.apple.com/kb/HT4077 (x_refsource_confirm)
[Vendor Advisory] http://www.vupen.com/english/advisories/2009/3593 (vdb-entry, x_refsource_vupen)
[Third Party Advisory] http://www.debian.org/security/2010/dsa-2001 (vendor-advisory, x_refsource_debian)
[Vendor Advisory] http://secunia.com/advisories/41480 (third-party-advisory, x_refsource_secunia)
[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439 (vdb-entry, signature, x_refsource_oval)
Scores
EPSS: 0.0771
EPSS Percentile: 92.0%
Details
Status: published
Products (39)
php/php 1.0
php/php 2.0
php/php 2.0b10
php/php 3.0
php/php 3.0.1
php/php 3.0.2
php/php 3.0.3
php/php 3.0.4
php/php 3.0.5
php/php 3.0.6
... and 29 more
Published: Dec 21, 2009
Tracked Since: Feb 18, 2026