LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

php: web site intrusion

Package(s):php CVE #(s):CVE-2009-0754
Created:March 6, 2009 Updated:January 6, 2010
Description: From the Mandriva advisory: PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
Alerts:
Gentoo 201001-03 2010-01-05
Fedora FEDORA-2009-3768 2009-04-21
Fedora FEDORA-2009-3848 2009-04-21
Debian DSA-1789-1 2009-05-04
Ubuntu USN-761-1 2009-04-20
Red Hat RHSA-2009:0350-01 2009-04-14
CentOS CESA-2009:0338 2009-04-07
CentOS CESA-2009:0337 2009-04-06
Red Hat RHSA-2009:0337-01 2009-04-06
Red Hat RHSA-2009:0338-01 2009-04-06
Mandriva MDVSA-2009:066 2008-03-05
Mandriva MDVSA-2009:065 2009-03-05
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds