CVE-2009-3291
Last modified
CVE-2009-3291 is a vulnerability of currently unknown severity. The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.. EPSS estimates a 2.91% chance of exploitation in the next 30 days.
Description
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Php | Php | <= 5.2.10 | — |
| Php | Php | 1.0 | — |
| Php | Php | 2.0 | — |
| Php | Php | 2.0b10 | — |
| Php | Php | 3.0 | — |
| Php | Php | 3.0.1 | — |
| Php | Php | 3.0.2 | — |
| Php | Php | 3.0.3 | — |
| Php | Php | 3.0.4 | — |
| Php | Php | 3.0.5 | — |
| Php | Php | 3.0.6 | — |
| Php | Php | 3.0.7 | — |
| Php | Php | 3.0.8 | — |
| Php | Php | 3.0.9 | — |
| Php | Php | 3.0.10 | — |
| Php | Php | 3.0.11 | — |
| Php | Php | 3.0.12 | — |
| Php | Php | 3.0.13 | — |
| Php | Php | 3.0.14 | — |
| Php | Php | 3.0.15 | — |
| Php | Php | 3.0.16 | — |
| Php | Php | 3.0.17 | — |
| Php | Php | 3.0.18 | — |
| Php | Php | 4 | — |
| Php | Php | 4.0 | — |
| Php | Php | 4.0.0 | — |
| Php | Php | 4.0.1 | — |
| Php | Php | 4.0.2 | — |
| Php | Php | 4.0.3 | — |
| Php | Php | 4.0.4 | — |
| Php | Php | 4.0.5 | — |
| Php | Php | 4.0.6 | — |
| Php | Php | 4.0.7 | — |
| Php | Php | 4.1.0 | — |
| Php | Php | 4.1.1 | — |
| Php | Php | 4.1.2 | — |
| Php | Php | 4.2 | — |
| Php | Php | 4.2.0 | — |
| Php | Php | 4.2.1 | — |
| Php | Php | 4.2.2 | — |
| Php | Php | 4.2.3 | — |
| Php | Php | 4.3.0 | — |
| Php | Php | 4.3.1 | — |
| Php | Php | 4.3.2 | — |
| Php | Php | 4.3.3 | — |
| Php | Php | 4.3.4 | — |
| Php | Php | 4.3.5 | — |
| Php | Php | 4.3.6 | — |
| Php | Php | 4.3.7 | — |
| Php | Php | 4.3.8 | — |
Showing 50 of 88 affected configurations. See NVD for the full list.
References
- http://secunia.com/advisories/36791Vendor Advisory
- http://www.php.net/ChangeLog-5.php#5.2.11Patch, Vendor Advisory
- http://www.php.net/releases/5_2_11.phpPatch, Vendor Advisory
- http://secunia.com/advisories/36791Vendor Advisory
- http://www.php.net/ChangeLog-5.php#5.2.11Patch, Vendor Advisory
- http://www.php.net/releases/5_2_11.phpPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-3291?
How severe is CVE-2009-3291?
How do I fix CVE-2009-3291?
Are you affected by CVE-2009-3291?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST