Home > Vulnerability Database > CVE-2009-0754

Mend.io Vulnerability Database

CVE-2009-0754

Date: March 3, 2009

PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.

Severity Score

4.0

Related Resources (21)

Url: http://secunia.com/advisories/34830

Url: http://secunia.com/advisories/35007

Url: http://bugs.php.net/bug.php?id=27421

Url: http://secunia.com/advisories/35306

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11035

Url: http://www.redhat.com/support/errata/RHSA-2009-0350.html

Url: http://www.debian.org/security/2009/dsa-1789

Url: http://www.openwall.com/lists/oss-security/2009/01/30/1

Url: http://www.openwall.com/lists/oss-security/2009/02/03/3

Url: http://www.openwall.com/lists/oss-security/2009/02/25/3

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-0754

Url: http://secunia.com/advisories/35003

Url: http://secunia.com/advisories/34642

Url: https://usn.ubuntu.com/761-1/

Url: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html

Url: http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

Url: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2009-0754

Url: http://www.securitytracker.com/id?1021979

Url: https://access.redhat.com/security/cve/CVE-2009-0754

Url: https://www.mend.io/vulnerability-database/CVE-2009-0754

Severity Score

4.0

Weakness Type (CWE)

Format String Vulnerability

CWE-134

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-0754

Date: March 3, 2009

Severity Score

Related Resources (21)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?