Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-4147

Опубликовано: 03 мар. 2015
Источник: redhat
CVSS2: 6.8
EPSS Средний

Описание

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue.

A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpWill not fix
Red Hat Enterprise Linux 5php53Will not fix
Red Hat Software Collectionsphp54-phpAffected
Red Hat Software Collectionsphp55-phpAffected
Red Hat Software Collectionsrh-php56-phpNot affected
Red Hat Enterprise Linux 6phpFixedRHSA-2015:121809.07.2015
Red Hat Enterprise Linux 7phpFixedRHSA-2015:113523.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php55FixedRHSA-2015:105304.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php55-phpFixedRHSA-2015:105304.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php54FixedRHSA-2015:106604.06.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-843
https://bugzilla.redhat.com/show_bug.cgi?id=1204868php: SoapClient's __call() type confusion through unserialize()

EPSS

Процентиль: 98%
0.47536
Средний

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-4147

ubuntu
около 10 лет назад

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue.

nvd логотип

CVE-2015-4147

nvd
около 10 лет назад

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue.

debian логотип

CVE-2015-4147

debian
около 10 лет назад

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, ...

github логотип

GHSA-qrgv-5qfv-5c76

github
около 3 лет назад

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue.

fstec логотип

BDU:2022-02535

CVSS3: 6.5
fstec
около 10 лет назад

Уязвимость метода soapclient::__call интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 98%
0.47536
Средний

6.8 Medium

CVSS2

Уязвимость CVE-2015-4147