Rapid7 Vulnerability & Exploit Database

SUSE Linux Security Vulnerability: CVE-2009-4142

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE Linux Security Vulnerability: CVE-2009-4142

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

12/21/2009

Created

07/25/2018

Added

02/17/2015

Modified

07/04/2017

Description

The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.

Solution(s)

suse-upgrade-apache2-mod_php5
suse-upgrade-php5-bcmath
suse-upgrade-php5-bz2
suse-upgrade-php5-calendar
suse-upgrade-php5-ctype
suse-upgrade-php5-curl
suse-upgrade-php5-dba
suse-upgrade-php5-dbase
suse-upgrade-php5-devel
suse-upgrade-php5-dom
suse-upgrade-php5-enchant
suse-upgrade-php5-exif
suse-upgrade-php5-fastcgi
suse-upgrade-php5-fileinfo
suse-upgrade-php5-ftp
suse-upgrade-php5-gd
suse-upgrade-php5-gettext
suse-upgrade-php5-gmp
suse-upgrade-php5-hash
suse-upgrade-php5-iconv
suse-upgrade-php5-imap
suse-upgrade-php5-intl
suse-upgrade-php5-json
suse-upgrade-php5-ldap
suse-upgrade-php5-mbstring
suse-upgrade-php5-mcrypt
suse-upgrade-php5-mhash
suse-upgrade-php5-mysql
suse-upgrade-php5-ncurses
suse-upgrade-php5-odbc
suse-upgrade-php5-openssl
suse-upgrade-php5-pcntl
suse-upgrade-php5-pdo
suse-upgrade-php5-pear
suse-upgrade-php5-pgsql
suse-upgrade-php5-phar
suse-upgrade-php5-posix
suse-upgrade-php5-pspell
suse-upgrade-php5-readline
suse-upgrade-php5-shmop
suse-upgrade-php5-snmp
suse-upgrade-php5-soap
suse-upgrade-php5-sockets
suse-upgrade-php5-sqlite
suse-upgrade-php5-suhosin
suse-upgrade-php5-sysvmsg
suse-upgrade-php5-sysvsem
suse-upgrade-php5-sysvshm
suse-upgrade-php5-tidy
suse-upgrade-php5-tokenizer
suse-upgrade-php5-wddx
suse-upgrade-php5-xmlreader
suse-upgrade-php5-xmlrpc
suse-upgrade-php5-xmlwriter
suse-upgrade-php5-xsl
suse-upgrade-php5-zip
suse-upgrade-php5-zlib
suse-upgrade-sap-aio-release

References

https://attackerkb.com/topics/cve-2009-4142
APPLE-SA-2010-03-29-1
37389
CVE - 2009-4142
DSA-2001
OVAL10005
OVAL7085

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

SUSE Linux Security Vulnerability: CVE-2009-4142

SUSE Linux Security Vulnerability: CVE-2009-4142

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.