CVE-2009-4143

Related Files

HP Security Bulletin HPSBMA02568 SSRT100219

Posted Sep 17, 2010

Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP System Management

tags | advisory, vulnerability

advisories | CVE-2010-3010, CVE-2010-3011, CVE-2010-2068, CVE-2009-4143, CVE-2009-4018, CVE-2009-4017, CVE-2009-3555

SHA-256 | 4f3a1130660537776ac3b87a044ba9ef2437af279d73c30808b2d52cca21894d

Download | Favorite | View

HP Security Bulletin HPSBUX02543 SSRT100152

Posted Jun 19, 2010

Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache with PHP. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) gain unauthorized access, and perform cross site scripting (XSS).

tags | advisory, denial of service, php, vulnerability, xss

systems | hpux

advisories | CVE-2009-2687, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3557, CVE-2009-4017, CVE-2009-4018, CVE-2009-4142, CVE-2009-4143

SHA-256 | c1954c41fb731ee70c50740ef529fcd3936287138bfd2ad9872394c9aa5a8553

Download | Favorite | View

Mandriva Linux Security Advisory 2010-045

Posted Feb 24, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-045 - PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, php

systems | linux, mandriva

advisories | CVE-2009-4143

SHA-256 | 5e1d79fbc714c342600f61a55faaf39702ec104c83371e68e25ff475aa0b22d2

Download | Favorite | View

Debian Linux Security Advisory 2001-1

Posted Feb 20, 2010

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2001-1 - Several remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor.

tags | advisory, remote, php, vulnerability

systems | linux, debian

advisories | CVE-2009-4142, CVE-2009-4143

SHA-256 | 47ce4bcadf3285a7bf3d80e1343752dc3b64068d96f73b4b6352d6ac447f427d

Download | Favorite | View

Ubuntu Security Notice 882-1

Posted Jan 14, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 882-1 - Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. It was discovered that the htmlspecialchars function did not properly handle certain character sequences, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. Stefan Esser discovered that PHP did not properly handle session data. An attacker could exploit this issue to bypass safe_mode or open_basedir restrictions.

tags | advisory, remote, denial of service, php, vulnerability, xss

systems | linux, ubuntu

advisories | CVE-2009-2626, CVE-2009-4142, CVE-2009-4143

SHA-256 | cd84529d17d2626ad3cfc09945cde3a151f1ded241b92b2d05de3bbf06264243

Download | Favorite | View