Oval Definition:	oval:org.opensuse.security:def:20093559
Revision Date: 2022-09-02 Version: 1 Title: CVE-2009-3559 Description: ** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2009-3559 SUSE CVE-2009-3559 Platform(s): SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Legacy 15 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis SUSE Linux Enterprise Server 11 SP4 is installed AND tomcat6 is not affected Definition Synopsis Release Information SUSE Linux Enterprise Desktop 12 SP3 is installed OR SUSE Linux Enterprise Server 12 SP3 is installed AND java-1_8_0-openjdk is not affected Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 is installed AND java-10-openjdk is not affected Definition Synopsis Release Information SUSE Linux Enterprise Module for Legacy 15 is installed AND java-1_8_0-openjdk is not affected OR Package Information SUSE Linux Enterprise Module for Basesystem 15 is installed AND java-10-openjdk is not affected Definition Synopsis Release Information SUSE Linux Enterprise Server 11 SP1 is installed OR SUSE Linux Enterprise Server 11 SP3 is installed AND tomcat6 is not affected Definition Synopsis Release Information SUSE Linux Enterprise Server 12 SP4 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed AND tomcat is not affected OR Package Information SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed AND tomcat is affected OR tomcat-admin-webapps is affected OR tomcat-docs-webapp is affected OR tomcat-el-3_0-api is affected OR tomcat-javadoc is affected OR tomcat-jsp-2_3-api is affected OR tomcat-lib is affected OR tomcat-servlet-3_1-api is affected OR tomcat-webapps is affected OR Package Information SUSE Linux Enterprise Server 12 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed AND tomcat is not affected OR tomcat-admin-webapps is not affected OR tomcat-docs-webapp is not affected OR tomcat-el-3_0-api is not affected OR tomcat-javadoc is not affected OR tomcat-jsp-2_3-api is not affected OR tomcat-lib is not affected OR tomcat-servlet-4_0-api is not affected OR tomcat-webapps is not affected Definition Synopsis Release Information SUSE OpenStack Cloud 8 is installed OR SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libpcre1 is affected OR libpcre1-32bit is affected OR libpcre16-0 is affected OR libpcrecpp0 is affected OR libpcreposix0 is affected OR pcre-devel is affected OR tomcat is affected OR tomcat-admin-webapps is affected OR tomcat-docs-webapp is affected OR tomcat-el-3_0-api is affected OR tomcat-javadoc is affected OR tomcat-jsp-2_3-api is affected OR tomcat-lib is affected OR tomcat-servlet-3_1-api is affected OR tomcat-webapps is affected Definition Synopsis Release Information SUSE Linux Enterprise Server 12 SP4 is installed AND tomcat is not affected OR Package Information SUSE OpenStack Cloud 9 is installed OR SUSE OpenStack Cloud Crowbar 9 is installed AND libpcre1 is affected OR libpcre1-32bit is affected OR libpcre16-0 is affected OR libpcrecpp0 is affected OR libpcreposix0 is affected OR pcre-devel is affected OR tomcat is not affected OR tomcat-admin-webapps is not affected OR tomcat-docs-webapp is not affected OR tomcat-el-3_0-api is not affected OR tomcat-javadoc is not affected OR tomcat-jsp-2_3-api is not affected OR tomcat-lib is not affected OR tomcat-servlet-4_0-api is not affected OR tomcat-webapps is not affected Definition Synopsis Release Information SUSE Linux Enterprise High Performance Computing 12 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed AND tomcat is not affected OR Package Information SUSE Linux Enterprise Server 12 SP5 is installed AND tomcat is not affected OR tomcat-admin-webapps is not affected OR tomcat-docs-webapp is not affected OR tomcat-el-3_0-api is not affected OR tomcat-javadoc is not affected OR tomcat-jsp-2_3-api is not affected OR tomcat-lib is not affected OR tomcat-servlet-4_0-api is not affected OR tomcat-webapps is not affected Definition Synopsis Release Information SUSE Linux Enterprise Server 12 SP4 is installed AND tomcat is not affected OR Package Information SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed AND tomcat is not affected OR tomcat-admin-webapps is not affected OR tomcat-docs-webapp is not affected OR tomcat-el-3_0-api is not affected OR tomcat-javadoc is not affected OR tomcat-jsp-2_3-api is not affected OR tomcat-lib is not affected OR tomcat-servlet-4_0-api is not affected OR tomcat-webapps is not affected
BACK