Vulnerability Name: CVE-2009-0754 (CCN-48425)

Assigned: 2004-02-27
Published: 2004-02-27
Updated: 2018-10-03

Summary: PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.

CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Low

CVSS v2 Severity:
  2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
  1.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): None

  5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
  3.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Partial

  2.1 Low (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
  1.7 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): None

Vulnerability Type: CWE-134
Vulnerability Consequences: Denial of Service
References:

Source: CCN
Type: PHP Bug #27421
mbstring.func_overload set in .htaccess becomes global

Source: CONFIRM
Type: Exploit, Vendor Advisory
http://bugs.php.net/bug.php?id=27421

Source: MITRE
Type: CNA
CVE-2009-0754

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:008

Source: CCN
Type: RHSA-2009-0337
Moderate: php security update

Source: CCN
Type: RHSA-2009-0338
Moderate: php security update

Source: CCN
Type: RHSA-2009-0350
Moderate: php security update

Source: SECUNIA
Type: UNKNOWN
34642

Source: SECUNIA
Type: UNKNOWN
34830

Source: SECUNIA
Type: UNKNOWN
35003

Source: SECUNIA
Type: UNKNOWN
35007

Source: SECUNIA
Type: UNKNOWN
35306

Source: CCN
Type: SECTRACK ID: 1021979
PHP Lets Local Users Deny Service in Certain Cases

Source: CCN
Type: ASA-2009-161
php security update (RHSA-2009-0337)

Source: DEBIAN
Type: UNKNOWN
DSA-1789

Source: DEBIAN
Type: DSA-1789
php5 -- several vulnerabilities

Source: CCN
Type: GLSA-201001-03
PHP: Multiple vulnerabilities

Source: MLIST
Type: UNKNOWN
[oss-security] 20090130 CVE Request - php (PHP BZ#27421)

Source: MLIST
Type: UNKNOWN
[oss-security] 20090203 Re: CVE Request - php (PHP BZ#27421)

Source: MLIST
Type: UNKNOWN
[oss-security] 20090225 Re: CVE Request - php (PHP BZ#27421)

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0350

Source: CCN
Type: BID-33542
PHP 'mbstring.func_overload' Webserver Denial Of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021979

Source: CCN
Type: USN-761-1
PHP vulnerabilities

Source: CCN
Type: Red Hat Bugzilla Bug 479272
PHP mbstring.func_overload web server denial of service

Source: XF
Type: UNKNOWN
php-mbstringfuncoverload-dos(48425)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11035

Source: UBUNTU
Type: UNKNOWN
USN-761-1

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-3768

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-3848

Source: SUSE
Type: SUSE-SR:2009:008
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:php:php:4.4.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.6:*:*:*:*:*:*:*
  AND
  • cpe:/a:apache:apache:*:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:php:php:4.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.3.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*
  AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_application_stack:2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04:*:lts:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20090754 | V | CVE-2009-0754 | 2022-05-20
oval:org.opensuse.security:def:32237 | P | Security update for glib-networking (Important) | 2021-12-13
oval:org.opensuse.security:def:32144 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-07-21
oval:org.opensuse.security:def:31224 | P | Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important) | 2021-07-21
oval:org.opensuse.security:def:29372 | P | Security update for libwebp (Critical) | 2021-06-02
oval:org.opensuse.security:def:42077 | P | Security update for curl (Moderate) | 2021-05-26
oval:org.opensuse.security:def:31150 | P | Security update for xorg-x11-server (Important) | 2021-04-14
oval:org.opensuse.security:def:31748 | P | Security update for openssl (Moderate) | 2021-03-24
oval:org.opensuse.security:def:31356 | P | Security update for python (Moderate) | 2021-03-16
oval:org.opensuse.security:def:32010 | P | Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important) | 2020-12-07
oval:org.opensuse.security:def:35670 | P | apache2-mod_php5-5.2.14-0.7.24.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:31936 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:32642 | P | clamav on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25222 | P | Security update for java-1_8_0-openjdk (Important) | 2020-12-01
oval:org.opensuse.security:def:25851 | P | Security update for freerdp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28345 | P | Security update for php53 (Important) | 2020-12-01
oval:org.opensuse.security:def:31448 | P | Security update for postgresql-init (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31958 | P | Security update for gtk2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32681 | P | gvim on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25233 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25900 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:27914 | P | Security update for xfsprogs (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28497 | P | Security update for openldap2 (Important) | 2020-12-01
oval:org.opensuse.security:def:31505 | P | Security update for python27 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32596 | P | postgresql on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32703 | P | libapr-util1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25297 | P | Security update for libX11 (Important) | 2020-12-01
oval:org.opensuse.security:def:25939 | P | Security update for gstreamer-0_10-plugins-base (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27915 | P | Security update for xorg-x11-libs | 2020-12-01
oval:org.opensuse.security:def:28550 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:31592 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32635 | P | apache2-mod_php5 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32747 | P | man on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25425 | P | Security update for bluez (Important) | 2020-12-01
oval:org.opensuse.security:def:25953 | P | Security update for gcc48 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27926 | P | Security update for GraphicsMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28599 | P | Security update for strongswan | 2020-12-01
oval:org.opensuse.security:def:31138 | P | Security update for lcms | 2020-12-01
oval:org.opensuse.security:def:32294 | P | Security update for ppp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33385 | P | Security update for compat-openssl097g (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25506 | P | Security update for openexr (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25997 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:27990 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:28638 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:31139 | P | Security update for less (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31804 | P | Security update for ant (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32381 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33424 | P | Security update for PHP5 | 2020-12-01
oval:org.opensuse.security:def:25563 | P | Security update for xrdp (Important) | 2020-12-01
oval:org.opensuse.security:def:26635 | P | quagga on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28120 | P | Security update for gtk2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28654 | P | Security update for dhcp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31853 | P | Security update for coreutils (Important) | 2020-12-01
oval:org.opensuse.security:def:31924 | P | Security update for ghostscript-library (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32537 | P | kdelibs4 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25647 | P | Security update for freetype2 (Important) | 2020-12-01
oval:org.opensuse.security:def:26670 | P | apache2-mod_php5 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28204 | P | Security update for libidn (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28698 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:31892 | P | Security update for expat (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31925 | P | Security update for ghostscript-library (Important) | 2020-12-01
oval:org.opensuse.security:def:32593 | P | perl-HTML-Parser on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25221 | P | Security update for sysstat (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25798 | P | Security update for flash-player (Critical) | 2020-12-01
oval:org.opensuse.security:def:28261 | P | Security update for memcached (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29336 | P | Security update for cobbler | 2020-12-01
oval:org.opensuse.security:def:31914 | P | Security update for gd (Moderate) | 2020-12-01
oval:org.mitre.oval:def:29345 | P | RHSA-2009:0338 -- php security update (Moderate) | 2015-08-17
oval:org.mitre.oval:def:13775 | P | USN-761-1 -- php5 vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:13696 | P | DSA-1789-1 php5 -- several | 2014-06-23
oval:org.mitre.oval:def:8164 | P | DSA-1789 php5 -- several vulnerabilities | 2014-06-23
oval:org.mitre.oval:def:22732 | P | ELSA-2009:0338: php security update (Moderate) | 2014-05-26
oval:org.mitre.oval:def:11035 | V | PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. | 2013-04-29
oval:org.debian:def:1789 | V | several vulnerabilities | 2009-05-04
oval:com.redhat.rhsa:def:20090337 | P | RHSA-2009:0337: php security update (Moderate) | 2009-04-06
oval:com.redhat.rhsa:def:20090338 | P | RHSA-2009:0338: php security update (Moderate) | 2009-04-06