CVE-2009-4143 Information

Description

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.

Reference

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://marc.info/?l=bugtraq&m=127680701405735&w=2
http://secunia.com/advisories/37821
http://secunia.com/advisories/38648
http://secunia.com/advisories/40262
http://secunia.com/advisories/41480
http://secunia.com/advisories/41490
http://support.apple.com/kb/HT4077
http://www.debian.org/security/2010/dsa-2001
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
http://www.mandriva.com/security/advisories?name=MDVSA-2010:045
http://www.php.net/ChangeLog-5.php
http://www.php.net/releases/5_2_12.php
http://www.securityfocus.com/bid/37390
http://www.vupen.com/english/advisories/2009/3593
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439