CVE-2009-0754

Publication date 3 March 2009

Last updated 24 July 2024

PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
php5	8.10 intrepid	Fixed 5.2.6-2ubuntu4.2
	8.04 LTS hardy	Fixed 5.2.4-2ubuntu5.6
	7.10 gutsy	Ignored
	6.06 LTS dapper	Fixed 5.1.2-1ubuntu3.14

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
php5	Upstream: http://cvsweb.php.net/viewvc.cgi/php-src/ext/mbstring/mbstring.c?r1=1.276&r2=1.277

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-761-1
PHP vulnerabilities
20 April 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2009-0754