Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-4599

Опубликовано: 16 апр. 2015
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to disclose portion of its memory or crash.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpWill not fix
Red Hat Enterprise Linux 5php53Will not fix
Red Hat Software Collectionsphp54-phpAffected
Red Hat Software Collectionsphp55-phpAffected
Red Hat Software Collectionsrh-php56-phpNot affected
Red Hat Enterprise Linux 6phpFixedRHSA-2015:121809.07.2015
Red Hat Enterprise Linux 7phpFixedRHSA-2015:113523.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php55FixedRHSA-2015:105304.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php55-phpFixedRHSA-2015:105304.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php54FixedRHSA-2015:106604.06.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-843
https://bugzilla.redhat.com/show_bug.cgi?id=1222538php: type confusion issue in unserialize() with various SOAP methods

EPSS

Процентиль: 92%
0.09006
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-4599

CVSS3: 9.8
ubuntu
около 9 лет назад

The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

nvd логотип

CVE-2015-4599

CVSS3: 9.8
nvd
около 9 лет назад

The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

debian логотип

CVE-2015-4599

CVSS3: 9.8
debian
около 9 лет назад

The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4. ...

github логотип

GHSA-w3jf-876q-fvf5

CVSS3: 9.8
github
около 3 лет назад

The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

fstec логотип

BDU:2016-01370

fstec
около 9 лет назад

Уязвимость интерпретатора PHP, позволяющая нарушителю вызвать отказ в обслуживании, получить конфиденциальную информацию или выполнить произвольный код

EPSS

Процентиль: 92%
0.09006
Низкий

4.3 Medium

CVSS2