CVE-2009-4418
The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.
We have discovered 309,059 live websites that are affected by CVE-2009-4418.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 309,059 live websites (3.54% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 84 versions ( 15.36% of all versions) |
Details
- Published - Dec 24, 2009
- Updated - Sep 17, 2024
CVE References
CVE-2009-4418 usage by Country
 United States | 22,488 websites |
 Taiwan | 98,561 websites |
 Russia | 31,308 websites |
 Netherlands | 22,890 websites |
 Germany | 21,675 websites |
 Japan | 13,164 websites |
 France | 11,948 websites |
 China | 11,747 websites |
 Korea, South | 11,684 websites |
CVE-2009-4418 usage by TLD
| .com | 137,434 websites |
| .ru | 26,787 websites |
| .de | 20,685 websites |
| .nl | 15,740 websites |
| .net | 10,188 websites |
| .info | 9,123 websites |
| .org | 5,772 websites |
| .jp | 4,043 websites |
| .fr | 3,956 websites |
| .dk | 3,173 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2009-4418
Top websites that are affected by CVE-2009-4418. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.***********.com |  Canada | *** | |
| **********.com | United States | *** | |
| ************.***.ar |  Argentina | *,*** | |
| **********.us | United States | *,*** | |
| *****.***.tw | Taiwan | *,*** | |
| ********************.ru | Russia | *,*** | |
| **********.*****.de | Germany | *,*** | |
| ***.**********.us | United States | *,*** | |
| ***********.jp | Japan | **,*** | |
| *******.***.ru | Russia | **,*** |
FAQ
A total of 309,059 websites have been identified as vulnerable to CVE-2009-4418, discovered through global website indexing conducted by WebTechSurvey.
PHP is susceptible to CVE-2009-4418 vulnerability.
PHP versions before 5.3 are vulnerable to CVE-2009-4418.
Version 5.3 of PHP addresses the CVE-2009-4418 security vulnerability.