Description

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

Remediation

References

CVE-2009-3291

Related Vulnerabilities

WordPress Plugin Relevanssi-A Better Search SQL Injection (3.2)

WordPress Plugin Tabs Cross-Site Scripting (1.8.0)

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-18670)

WordPress Plugin RegistrationMagic-Custom Registration Forms, User Registration, Payment, and User Login Cross-Site Scripting (5.0.1.8)

WordPress Plugin Malware Scanner SQL Injection (4.7.2)

Severity

High

Classification

CVE-2009-3291 CWE-20

Tags

Missing Update Known Vulnerabilities