Vulnerability Details : CVE-2009-3557

Exploit prediction scoring system (EPSS) score for CVE-2009-3557

CVSS scores for CVE-2009-3557

CWE ids for CVE-2009-3557

• CWE-264
  Assigned by: [email protected] (Primary)

Vendor statements for CVE-2009-3557

• Red Hat 2009-11-24
  We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php

References for CVE-2009-3557

• http://news.php.net/php.announce/79
  CVEs referencing this url
• http://marc.info/?l=bugtraq&m=127680701405735&w=2
  CVEs referencing this url
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7396
• http://www.php.net/releases/5_3_1.php
  Patch;Vendor Advisory

  CVEs referencing this url
• http://www.vupen.com/english/advisories/2009/3593
  CVEs referencing this url
• http://www.openwall.com/lists/oss-security/2009/11/20/2
  Patch

  CVEs referencing this url
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:302
  CVEs referencing this url
• http://support.apple.com/kb/HT4077
  CVEs referencing this url
• http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/file.c?view=log
• http://svn.php.net/viewvc?view=revision&revision=288945
• http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/file.c?view=log
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:285
  CVEs referencing this url
• http://www.openwall.com/lists/oss-security/2009/11/20/3
  Patch

  CVEs referencing this url
• http://securityreason.com/securityalert/6601
  Exploit
• http://www.openwall.com/lists/oss-security/2009/11/20/5
  Patch

  CVEs referencing this url
• http://www.php.net/ChangeLog-5.php
  Patch;Vendor Advisory

  CVEs referencing this url
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:303
  CVEs referencing this url
• http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
  CVEs referencing this url
• http://www.php.net/releases/5_2_12.php
  CVEs referencing this url

Products affected by CVE-2009-3557

• PHP » PHP

  Versions up to, including, (<=) 5.2.11
  cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 1.0
  cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 2.0b10
  cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 2.0
  cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0
  cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.1
  cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.10
  cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.3
  cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.4
  cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.5
  cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.6
  cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.11
  cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.13
  cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.8
  cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.12
  cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.2
  cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.7
  cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.9
  cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0
  cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.1
  cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.3
  cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.4
  cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.5
  cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.6
  cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.1.0
  cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.1.1
  cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.1.2
  cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.16
  cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.7
  cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.17
  cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.18
  cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.15
  cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.14
  cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.2
  cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.2.0
  cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.2.1
  cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.2.2
  cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.2.3
  cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update Beta1
  cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update Beta3
  cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update Beta4
  cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update Beta 4 Patch1
  cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update Beta2
  cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.0
  cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.1
  cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.2
  cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.7
  cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0
  cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.10
  cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.3
  cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.0
  cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.11
  cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0 Update Beta4
  cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.2
  cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.1.1
  cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.3.0
  cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.9
  cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.10
  cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.7
  cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.8
  cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.6
  cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.1
  cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.5
  cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*

  Matching versions