CVE-2009-3291

Published: Sep 22, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.php.net/ChangeLog-5.php#5.2.11

x_refsource_CONFIRM

37482

third-party-advisory

x_refsource_SECUNIA

40262

third-party-advisory

x_refsource_SECUNIA

HPSBUX02543

vendor-advisory

x_refsource_HP

SSRT090208

vendor-advisory

x_refsource_HP

http://www.php.net/releases/5_2_11.php

x_refsource_CONFIRM

php-certificate-unspecified(53334)

vdb-entry

x_refsource_XF

1022914

vdb-entry

x_refsource_SECTRACK

36791

third-party-advisory

x_refsource_SECUNIA

DSA-1940

vendor-advisory

x_refsource_DEBIAN

HPSBOV02683

vendor-advisory

x_refsource_HP

oval:org.mitre.oval:def:10438

vdb-entry

signature

x_refsource_OVAL

ADV-2009-3184

vdb-entry

x_refsource_VUPEN

58185

vdb-entry

x_refsource_OSVDB

oval:org.mitre.oval:def:7394

vdb-entry

signature

x_refsource_OVAL

SSRT100152

vendor-advisory

x_refsource_HP

APPLE-SA-2009-11-09-1

vendor-advisory

x_refsource_APPLE

SUSE-SR:2009:017

vendor-advisory

x_refsource_SUSE

http://support.apple.com/kb/HT3937

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2009-3291

Description

Affected Products

References