Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-4601

Опубликовано: 16 апр. 2015
Источник: redhat
CVSS2: 4.3
EPSS Средний

Описание

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.

Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to disclose portion of its memory or crash.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpWill not fix
Red Hat Enterprise Linux 5php53Will not fix
Red Hat Software Collectionsphp54-phpAffected
Red Hat Software Collectionsphp55-phpAffected
Red Hat Software Collectionsrh-php56-phpNot affected
Red Hat Enterprise Linux 6phpFixedRHSA-2015:121809.07.2015
Red Hat Enterprise Linux 7phpFixedRHSA-2015:113523.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php55FixedRHSA-2015:105304.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php55-phpFixedRHSA-2015:105304.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php54FixedRHSA-2015:106604.06.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-843
https://bugzilla.redhat.com/show_bug.cgi?id=1222538php: type confusion issue in unserialize() with various SOAP methods

EPSS

Процентиль: 96%
0.21375
Средний

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-4601

CVSS3: 9.8
ubuntu
почти 10 лет назад

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.

nvd логотип

CVE-2015-4601

CVSS3: 9.8
nvd
почти 10 лет назад

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.

debian логотип

CVE-2015-4601

CVSS3: 9.8
debian
почти 10 лет назад

PHP before 5.6.7 might allow remote attackers to cause a denial of ser ...

github логотип

GHSA-49vc-479w-9w64

CVSS3: 9.8
github
почти 4 года назад

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.

fstec логотип

BDU:2016-01368

fstec
почти 10 лет назад

Уязвимость интерпретатора PHP, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 96%
0.21375
Средний

4.3 Medium

CVSS2