CVE-2009-3291

N/A Unknown

Published: September 22, 2009 Modified: April 23, 2026

Description

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=127680701405735&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=130497311408250&w=2

Source: cve@mitre.org

http://secunia.com/advisories/36791

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/37482

Source: cve@mitre.org

http://secunia.com/advisories/40262

Source: cve@mitre.org

http://support.apple.com/kb/HT3937

Source: cve@mitre.org

http://www.debian.org/security/2009/dsa-1940

Source: cve@mitre.org

http://www.osvdb.org/58185

Source: cve@mitre.org

http://www.php.net/ChangeLog-5.php#5.2.11

Source: cve@mitre.org

Patch Vendor Advisory

http://www.php.net/releases/5_2_11.php

Source: cve@mitre.org

Patch Vendor Advisory

http://www.securitytracker.com/id?1022914

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/3184

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/53334

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10438

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7394

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html