NVD

Id
51541  
Name
CVE-2009-4418  
Description
The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-07  
Published
2009-12-24  
Modified Date
2009-12-28  
Seq
2009-4418  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
261351 51541 CVE-2009-4418 http://www.suspekt.org/2009/11/28/shocking-news-in-php-exploitation/  View
261352 51541 CVE-2009-4418 http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
44224 JVNDB-2009-005231 PHP の非シリアル化関数におけるサービス運用妨害 (DoS) の脆弱性 PHP の非シリアル化関数には、サービス運用妨害 (リソース浪費) 状態となる脆弱性が存在します。 CVE-2009-4418 41849 CVE-2009-4418 51541 5 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-005231.html 2009-12-24 2012-09-25 View