CVE-2009-4017 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Vendor	Product	Version
php	php	𝑥 < 5.2.12
php	php	5.3.0
php	php	5.3.0:alpha1
php	php	5.3.0:alpha2
php	php	5.3.0:alpha3
php	php	5.3.0:beta1
php	php	5.3.0:rc1
php	php	5.3.0:rc2
php	php	5.3.0:rc3
php	php	5.3.0:rc4
apple	mac_os_x	10.6.3
debian	debian_linux	4.0
debian	debian_linux	5.0
debian	debian_linux	6.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

php5

karmic	Fixed 5.2.10.dfsg.1-2ubuntu6.3 released
jaunty	Fixed 5.2.6.dfsg.1-3ubuntu4.4 released
intrepid	Fixed 5.2.6-2ubuntu4.5 released
hardy	Fixed 5.2.4-2ubuntu5.9 released
dapper	Fixed 5.1.2-1ubuntu3.17 released

Common Weakness Enumeration

CWE-770 - Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://marc.info/?l=bugtraq&m=127680701405735&w=2

http://marc.info/?l=bugtraq&m=127680701405735&w=2

http://news.php.net/php.announce/79

http://seclists.org/fulldisclosure/2009/Nov/228

http://secunia.com/advisories/37482

http://secunia.com/advisories/37821

http://secunia.com/advisories/40262

http://secunia.com/advisories/41480

http://secunia.com/advisories/41490

http://support.apple.com/kb/HT4077

http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/

http://www.debian.org/security/2009/dsa-1940

http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995

http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995

http://www.mandriva.com/security/advisories?name=MDVSA-2009:303

http://www.mandriva.com/security/advisories?name=MDVSA-2009:305

http://www.openwall.com/lists/oss-security/2009/11/20/2

http://www.openwall.com/lists/oss-security/2009/11/20/7

http://www.php.net/ChangeLog-5.php

http://www.php.net/releases/5_2_12.php

http://www.php.net/releases/5_3_1.php

http://www.securityfocus.com/archive/1/507982/100/0/threaded

http://www.vupen.com/english/advisories/2009/3593

https://exchange.xforce.ibmcloud.com/vulnerabilities/54455

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://marc.info/?l=bugtraq&m=127680701405735&w=2

http://marc.info/?l=bugtraq&m=127680701405735&w=2

http://news.php.net/php.announce/79

http://seclists.org/fulldisclosure/2009/Nov/228

http://secunia.com/advisories/37482

http://secunia.com/advisories/37821

http://secunia.com/advisories/40262

http://secunia.com/advisories/41480

http://secunia.com/advisories/41490

http://support.apple.com/kb/HT4077

http://www.acunetix.com/blog/websecuritynews/php-multipartform-data-denial-of-service/

http://www.debian.org/security/2009/dsa-1940

http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995

http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995

http://www.mandriva.com/security/advisories?name=MDVSA-2009:303

http://www.mandriva.com/security/advisories?name=MDVSA-2009:305

http://www.openwall.com/lists/oss-security/2009/11/20/2

http://www.openwall.com/lists/oss-security/2009/11/20/7

http://www.php.net/ChangeLog-5.php

http://www.php.net/releases/5_2_12.php

http://www.php.net/releases/5_3_1.php

http://www.securityfocus.com/archive/1/507982/100/0/threaded

http://www.vupen.com/english/advisories/2009/3593

https://exchange.xforce.ibmcloud.com/vulnerabilities/54455

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10483

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6667