QwikSec

Security Database

CVE

CWE

Training

CVE-2009-3559

Published: Nov 23, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20091120 Re: CVE request: php 5.3.1 update

mailing-list

[php-announce] 20091119 5.3.1 Release announcement

mailing-list

APPLE-SA-2010-03-29-1

vendor-advisory

[oss-security] 20091120 CVE request: php 5.3.1 update

mailing-list

[oss-security] 20091120 Re: CVE request: php 5.3.1 update

mailing-list

vendor-advisory

http://bugs.php.net/bug.php?id=50063

http://www.php.net/ChangeLog-5.php

http://support.apple.com/kb/HT4077

http://www.php.net/releases/5_3_1.php

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.