{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2009-3559","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","dateUpdated":"2024-08-07T06:31:10.435Z","dateReserved":"2009-10-05T00:00:00.000Z","datePublished":"2009-11-23T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2023-02-12T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy."}],"tags":["disputed"],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"name":"[oss-security] 20091120 Re: CVE request: php 5.3.1 update","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2009/11/20/3"},{"name":"[php-announce] 20091119 5.3.1 Release announcement","tags":["mailing-list"],"url":"http://news.php.net/php.announce/79"},{"name":"APPLE-SA-2010-03-29-1","tags":["vendor-advisory"],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"name":"[oss-security] 20091120 CVE request: php 5.3.1 update","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2009/11/20/2"},{"name":"[oss-security] 20091120 Re: CVE request: php 5.3.1 update","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2009/11/20/5"},{"name":"MDVSA-2009:302","tags":["vendor-advisory"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:302"},{"url":"http://bugs.php.net/bug.php?id=50063"},{"url":"http://www.php.net/ChangeLog-5.php"},{"url":"http://support.apple.com/kb/HT4077"},{"url":"http://www.php.net/releases/5_3_1.php"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}],"datePublic":"2009-11-19T00:00:00.000Z"},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-07T06:31:10.435Z"},"title":"CVE Program Container","references":[{"name":"[oss-security] 20091120 Re: CVE request: php 5.3.1 update","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2009/11/20/3"},{"name":"[php-announce] 20091119 5.3.1 Release announcement","tags":["mailing-list","x_transferred"],"url":"http://news.php.net/php.announce/79"},{"name":"APPLE-SA-2010-03-29-1","tags":["vendor-advisory","x_transferred"],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"name":"[oss-security] 20091120 CVE request: php 5.3.1 update","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2009/11/20/2"},{"name":"[oss-security] 20091120 Re: CVE request: php 5.3.1 update","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2009/11/20/5"},{"name":"MDVSA-2009:302","tags":["vendor-advisory","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:302"},{"url":"http://bugs.php.net/bug.php?id=50063","tags":["x_transferred"]},{"url":"http://www.php.net/ChangeLog-5.php","tags":["x_transferred"]},{"url":"http://support.apple.com/kb/HT4077","tags":["x_transferred"]},{"url":"http://www.php.net/releases/5_3_1.php","tags":["x_transferred"]}]}]}}