CVE-2009-4417

The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
zendframework
𝑥
≤ 1.9.6
zendframework
0.1.3:preview
zendframework
0.1.4:preview
zendframework
0.1.5:preview
zendframework
0.2.0:preview
zendframework
0.6.0:preview
zendframework
0.7.0:preview
zendframework
0.8.0:preview
zendframework
0.9.0:beta
zendframework
0.9.1:beta
zendframework
0.9.2:beta
zendframework
0.9.3:beta
zendframework
1.0.0
zendframework
1.0.0:rc1
zendframework
1.0.0:rc2
zendframework
1.0.0:rc3
zendframework
1.0.1
zendframework
1.0.2
zendframework
1.0.3
zendframework
1.0.4
zendframework
1.5.0
zendframework
1.5.0:preview
zendframework
1.5.0:rc1
zendframework
1.5.0:rc2
zendframework
1.5.0:rc3
zendframework
1.5.1
zendframework
1.5.2
zendframework
1.5.3
zendframework
1.6.0
zendframework
1.6.0:rc1
zendframework
1.6.0:rc2
zendframework
1.6.0:rc3
zendframework
1.6.1
zendframework
1.6.2
zendframework
1.7.0
zendframework
1.7.0:preview
zendframework
1.7.1
zendframework
1.7.2
zendframework
1.7.3
zendframework
1.7.4
zendframework
1.7.5
zendframework
1.7.6
zendframework
1.7.7
zendframework
1.7.8
zendframework
1.8.0
zendframework
1.8.0:alpha_1
zendframework
1.8.0:beta_1
zendframework
1.8.1
zendframework
1.8.2
zendframework
1.8.3
zendframework
1.8.4
zendframework
1.9
zendframework
1.9.0
zendframework
1.9.0:alpha_1
zendframework
1.9.0:beta_1
zendframework
1.9.0:rc1
zendframework
1.9.1
zendframework
1.9.2
zendframework
1.9.3
zendframework
1.9.4
zendframework
1.9.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.sektioneins.de/en/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/
http://www.suspekt.org/2009/12/09/advisory-032009-piwik-cookie-unserialize-vulnerability/
http://www.sektioneins.de/en/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/
http://www.suspekt.org/2009/12/09/advisory-032009-piwik-cookie-unserialize-vulnerability/