Description

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

Remediation

References

CVE-2009-3291

Related Vulnerabilities

Moodle Numeric Errors Vulnerability (CVE-2011-4305)

WordPress Plugin WP Instagram-Best Instagram Feeds Cross-Site Scripting (1.0.19)

WordPress Plugin Custom CSS Pro Cross-Site Request Forgery (1.0.3)

Apache 2.x version older than 2.0.55

Joomla! Core 1.6.x Cross-Site Scripting (1.6.0 - 1.6.6)

Severity

High

Classification

CVE-2009-3291 CWE-20

Tags

Missing Update Known Vulnerabilities