Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-4143

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.

Published

2009-12-21T16:30:00.360

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	php	php	≤ 5.2.11	Yes
Application	php	php	1.0	Yes
Application	php	php	2.0	Yes
Application	php	php	2.0b10	Yes
Application	php	php	3.0	Yes
Application	php	php	3.0.1	Yes
Application	php	php	3.0.2	Yes
Application	php	php	3.0.3	Yes
Application	php	php	3.0.4	Yes
Application	php	php	3.0.5	Yes
Application	php	php	3.0.6	Yes
Application	php	php	3.0.7	Yes
Application	php	php	3.0.8	Yes
Application	php	php	3.0.9	Yes
Application	php	php	3.0.10	Yes
Application	php	php	3.0.11	Yes
Application	php	php	3.0.12	Yes
Application	php	php	3.0.13	Yes
Application	php	php	3.0.14	Yes
Application	php	php	3.0.15	Yes
Application	php	php	3.0.16	Yes
Application	php	php	3.0.17	Yes
Application	php	php	3.0.18	Yes
Application	php	php	4	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0.0	Yes
Application	php	php	4.0.1	Yes
Application	php	php	4.0.2	Yes
Application	php	php	4.0.3	Yes
Application	php	php	4.0.4	Yes
Application	php	php	4.0.5	Yes
Application	php	php	4.0.6	Yes
Application	php	php	4.0.7	Yes
Application	php	php	4.0.7	Yes
Application	php	php	4.0.7	Yes
Application	php	php	4.0.7	Yes
Application	php	php	4.0.7	Yes
Application	php	php	4.1.0	Yes
Application	php	php	4.1.1	Yes
Application	php	php	4.1.2	Yes
Application	php	php	4.2.0	Yes
Application	php	php	4.2.1	Yes
Application	php	php	4.2.2	Yes
Application	php	php	4.2.3	Yes
Application	php	php	4.3.0	Yes
Application	php	php	4.3.1	Yes
Application	php	php	4.3.2	Yes
Application	php	php	4.3.3	Yes
Application	php	php	4.3.4	Yes
Application	php	php	4.3.5	Yes
Application	php	php	4.3.6	Yes
Application	php	php	4.3.7	Yes
Application	php	php	4.3.8	Yes
Application	php	php	4.3.9	Yes
Application	php	php	4.3.10	Yes
Application	php	php	4.3.11	Yes
Application	php	php	4.4.0	Yes
Application	php	php	4.4.1	Yes
Application	php	php	4.4.2	Yes
Application	php	php	4.4.3	Yes
Application	php	php	4.4.4	Yes
Application	php	php	4.4.5	Yes
Application	php	php	4.4.6	Yes
Application	php	php	4.4.7	Yes
Application	php	php	4.4.8	Yes
Application	php	php	4.4.9	Yes
Application	php	php	5	Yes
Application	php	php	5.0	Yes
Application	php	php	5.0	Yes
Application	php	php	5.0	Yes
Application	php	php	5.0.0	Yes
Application	php	php	5.0.0	Yes
Application	php	php	5.0.0	Yes
Application	php	php	5.0.0	Yes
Application	php	php	5.0.0	Yes
Application	php	php	5.0.0	Yes
Application	php	php	5.0.0	Yes
Application	php	php	5.0.0	Yes
Application	php	php	5.0.1	Yes
Application	php	php	5.0.2	Yes
Application	php	php	5.0.3	Yes
Application	php	php	5.0.4	Yes
Application	php	php	5.0.5	Yes
Application	php	php	5.1.0	Yes
Application	php	php	5.1.1	Yes
Application	php	php	5.1.2	Yes
Application	php	php	5.1.3	Yes
Application	php	php	5.1.4	Yes
Application	php	php	5.1.5	Yes
Application	php	php	5.1.6	Yes
Application	php	php	5.2.0	Yes
Application	php	php	5.2.1	Yes
Application	php	php	5.2.2	Yes
Application	php	php	5.2.3	Yes
Application	php	php	5.2.4	Yes
Application	php	php	5.2.5	Yes
Application	php	php	5.2.6	Yes
Application	php	php	5.2.7	Yes
Application	php	php	5.2.8	Yes
Application	php	php	5.2.9	Yes
Application	php	php	5.2.10	Yes

References

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html ([email protected])
http://marc.info/?l=bugtraq&m=127680701405735&w=2 ([email protected])
http://marc.info/?l=bugtraq&m=127680701405735&w=2 ([email protected])
http://secunia.com/advisories/37821 Vendor Advisory ([email protected])
http://secunia.com/advisories/38648 Vendor Advisory ([email protected])
http://secunia.com/advisories/40262 Vendor Advisory ([email protected])
http://secunia.com/advisories/41480 Vendor Advisory ([email protected])
http://secunia.com/advisories/41490 Vendor Advisory ([email protected])
http://support.apple.com/kb/HT4077 ([email protected])
http://www.debian.org/security/2010/dsa-2001 ([email protected])
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 ([email protected])
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2010:045 ([email protected])
http://www.php.net/ChangeLog-5.php ([email protected])
http://www.php.net/releases/5_2_12.php Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/37390 ([email protected])
http://www.vupen.com/english/advisories/2009/3593 Vendor Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439 ([email protected])
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=127680701405735&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=127680701405735&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37821 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38648 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/40262 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/41480 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/41490 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4077 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2010/dsa-2001 (af854a3a-2127-422b-91ae-364da2661108)
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 (af854a3a-2127-422b-91ae-364da2661108)
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:045 (af854a3a-2127-422b-91ae-364da2661108)
http://www.php.net/ChangeLog-5.php (af854a3a-2127-422b-91ae-364da2661108)
http://www.php.net/releases/5_2_12.php Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/37390 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/3593 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439 (af854a3a-2127-422b-91ae-364da2661108)