AskF5 | Security Advisory: SOL13275 - PHP vulnerability CVE-2009-3293

AskF5 Knowledge Base

Applies To:

Show Versions

BIG-IP LTM

11.1.0, 11.0.0, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0, 10.0.1, 10.0.0, 9.6.1, 9.6.0, 9.4.8, 9.4.7, 9.4.6, 9.4.5, 9.4.4, 9.4.3, 9.4.2, 9.4.1, 9.4.0, 9.3.1, 9.3.0, 9.2.5, 9.2.4, 9.2.3, 9.2.2, 9.2.0, 9.1.3, 9.1.2, 9.1.1, 9.1.0, 9.0.5, 9.0.4, 9.0.3, 9.0.2, 9.0.1, 9.0.0

BIG-IP ASM

11.1.0, 11.0.0, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0, 10.0.1, 10.0.0, 9.4.8, 9.4.7, 9.4.6, 9.4.5, 9.4.4, 9.4.3, 9.4.2, 9.4.1, 9.4.0, 9.3.1, 9.3.0, 9.2.5, 9.2.4, 9.2.3, 9.2.2, 9.2.0

BIG-IP GTM

11.1.0, 11.0.0, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0, 10.0.1, 10.0.0, 9.4.8, 9.4.7, 9.4.6, 9.4.5, 9.4.4, 9.4.3, 9.4.2, 9.4.1, 9.4.0, 9.3.1, 9.3.0, 9.2.5, 9.2.4, 9.2.3, 9.2.2

BIG-IP PSM

11.1.0, 11.0.0, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0, 10.0.1, 10.0.0, 9.4.8, 9.4.7, 9.4.6, 9.4.5

BIG-IP Link Controller

11.1.0, 11.0.0, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0, 10.0.1, 10.0.0, 9.4.8, 9.4.7, 9.4.6, 9.4.5, 9.4.4, 9.4.3, 9.4.2, 9.4.1, 9.4.0, 9.3.1, 9.3.0, 9.2.5, 9.2.4, 9.2.3, 9.2.2

BIG-IP WebAccelerator

11.1.0, 11.0.0, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0, 10.0.1, 10.0.0, 9.4.8, 9.4.7, 9.4.6, 9.4.5, 9.4.4, 9.4.3, 9.4.2, 9.4.1, 9.4.0

BIG-IP APM

11.1.0, 11.0.0, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0

BIG-IP WOM

11.1.0, 11.0.0, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0, 10.0.1, 10.0.0

BIG-IP Edge Gateway

11.1.0, 11.0.0, 10.2.3, 10.2.2, 10.2.1, 10.2.0, 10.1.0

FirePass

7.0.0, 6.1.0, 6.0.3, 6.0.2, 6.0.1, 6.0.0

ARX

6.1.1, 6.1.0, 6.0.0, 5.3.1, 5.2.2, 5.2.0, 5.1.9, 5.1.7, 5.1.5, 5.1.0, 5.0.7, 5.0.6, 5.0.5, 5.0.1, 5.0.0, 4.1.3, 4.1.1, 4.1.0, 4.0.1

Enterprise Manager

2.3.0, 2.2.0, 2.1.0, 2.0.0, 1.8.0, 1.7.0

BIG-IP Analytics

11.1.0, 11.0.0

sol13275: PHP vulnerability CVE-2009-3293

Security Advisory

Original Publication Date: 12/15/2011
Updated Date: 02/08/2012

Description

Unspecified vulnerability in the imagecolortransparent function in PHP prior to version 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."

Impact

None

Status

F5 Product Development has evaluated the currently-supported releases for potential vulnerability. To find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:

Product	Versions known to be vulnerable	Versions known to be not vulnerable	Vulnerable component or feature
BIG-IP LTM	None	9.x 10.x 11.x	None
BIG-IP GTM	None	9.x 10.x 11.x	None
BIG-IP ASM	None	9.x 10.x 11.x	None
BIG-IP Link Controller	None	9.x 10.x 11.x	None
BIG-IP WebAccelerator	None	9.x 10.x 11.x	None
BIG-IP PSM	None	9.x 10.x 11.x	None
BIG-IP WOM	None	10.x 11.x	None
BIG-IP APM	None	10.x 11.x	None
BIG-IP Edge Gateway	None	10.x 11.x	None
BIG-IP Analytics	None	11.x	None
FirePass	None	6.x 7.x	None
Enterprise Manager	None	1.x 2.x	None
ARX	None	4.x 5.x 6.x	None

Recommended action

None

Supplemental Information

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293
Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.
SOL9970: Subscribing to email notifications regarding F5 products
SOL9957: Creating a custom RSS feed to view new and updated documents
SOL4602: Overview of the F5 security vulnerability response policy

Was this resource helpful in solving your issue?

Yes - this resource was helpful
No - this resource was not helpful
I don‘t know yet

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)

Reload Audio Image Help