Rapid7 Vulnerability & Exploit Database

PHP Vulnerability: CVE-2009-0754

Back to Search

PHP Vulnerability: CVE-2009-0754

Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:P/A:N)
Published
03/03/2009
Created
07/25/2018
Added
10/01/2012
Modified
02/13/2015

Description

PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.

Solution(s)

  • php-upgrade-5_2_0

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;