Description

PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.

Remediation

References

CVE-2009-0754

Related Vulnerabilities

WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-14723)

IBMHttpServer Other Vulnerability (CVE-2004-1082)

Next.js User Interface (UI) Misrepresentation of Critical Information Vulnerability (CVE-2022-23646)

Elgg Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2935)

WebLogic CVE-2022-21306 Vulnerability (CVE-2022-21306)

Severity

Low

Classification

CVE-2009-0754 CWE-134

Tags

Missing Update Known Vulnerabilities