Vulnerability Details : CVE-2009-4143

Exploit prediction scoring system (EPSS) score for CVE-2009-4143

CVSS scores for CVE-2009-4143

Vendor statements for CVE-2009-4143

• Red Hat 2009-12-23
  We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php

References for CVE-2009-4143

• http://marc.info/?l=bugtraq&m=127680701405735&w=2
  CVEs referencing this url
• http://www.vupen.com/english/advisories/2009/3593
  Vendor Advisory

  CVEs referencing this url
• http://www.securityfocus.com/bid/37390
• http://support.apple.com/kb/HT4077
  CVEs referencing this url
• http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
  CVEs referencing this url
• http://www.php.net/ChangeLog-5.php
  CVEs referencing this url
• http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
  CVEs referencing this url
• http://www.php.net/releases/5_2_12.php
  Vendor Advisory

  CVEs referencing this url
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439
• http://www.debian.org/security/2010/dsa-2001
  CVEs referencing this url
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:045

Products affected by CVE-2009-4143

• PHP » PHP

  Versions up to, including, (<=) 5.2.11
  cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 1.0
  cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 2.0b10
  cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 2.0
  cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0
  cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.1
  cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.10
  cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.3
  cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.4
  cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.5
  cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.6
  cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.11
  cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.13
  cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.8
  cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.12
  cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.2
  cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.7
  cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.9
  cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0
  cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.1
  cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.3
  cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.4
  cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.5
  cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.6
  cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.1.0
  cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.1.1
  cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.1.2
  cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.16
  cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.7
  cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.17
  cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.18
  cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.15
  cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.7 Update RC3
  cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 3.0.14
  cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.2
  cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.7 Update RC1
  cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.7 Update RC2
  cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.2.0
  cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.2.1
  cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.2.2
  cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.2.3
  cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update Beta1
  cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update Beta3
  cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update Beta4
  cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update RC1
  cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update RC2
  cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update Beta 4 Patch1
  cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0 Update Beta2
  cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.0
  cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.1
  cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.6
  cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.2
  cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0 Update RC2
  cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0 Update RC3
  cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.3
  cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.5
  cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.6
  cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.7
  cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0 Update RC1
  cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.8
  cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.4
  cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.1
  cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.2
  cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.9
  cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0
  cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.10
  cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.3
  cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.0
  cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.0
  cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.3.11
  cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.4
  cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.5
  cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0 Update Beta1
  cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0 Update Beta4
  cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0 Update RC1
  cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0 Update Beta2
  cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0 Update Beta3
  cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0 Update RC2
  cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.0.0 Update RC3
  cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.1
  cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.2
  cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.1.0
  cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.1.1
  cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.1.2
  cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.1.3
  cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.1.4
  cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.3
  cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.1.6
  cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.1.5
  cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.4
  cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.0
  cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.9
  cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.10
  cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.8
  cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.3
  cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.7
  cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.8
  cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.9
  cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.4
  cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.6
  cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.7
  cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.1
  cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.4.5
  cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.5
  cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5.2.2
  cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4.0.7 Update RC4
  cpe:2.3:a:php:php:4.0.7:rc4:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 5
  cpe:2.3:a:php:php:5:*:*:*:*:*:*:*

  Matching versions
• PHP » PHP » Version: 4
  cpe:2.3:a:php:php:4:*:*:*:*:*:*:*

  Matching versions