Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-4602

Опубликовано: 20 мар. 2015
Источник: redhat
CVSS2: 4.3
EPSS Средний

Описание

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpWill not fix
Red Hat Enterprise Linux 5php53Will not fix
Red Hat Software Collectionsphp54-phpAffected
Red Hat Enterprise Linux 6phpFixedRHSA-2015:121809.07.2015
Red Hat Enterprise Linux 7phpFixedRHSA-2015:113523.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php54FixedRHSA-2015:106604.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php54-phpFixedRHSA-2015:106604.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php54-php-pecl-zendopcacheFixedRHSA-2015:106604.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6php55-phpFixedRHSA-2015:118625.06.2015
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-php56-phpFixedRHSA-2015:118725.06.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-843
https://bugzilla.redhat.com/show_bug.cgi?id=1232923php: Incomplete Class unserialization type confusion

EPSS

Процентиль: 95%
0.1882
Средний

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-4602

CVSS3: 9.8
ubuntu
около 9 лет назад

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

nvd логотип

CVE-2015-4602

CVSS3: 9.8
nvd
около 9 лет назад

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

debian логотип

CVE-2015-4602

CVSS3: 9.8
debian
около 9 лет назад

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c ...

github логотип

GHSA-rwv3-9h8q-wffg

CVSS3: 9.8
github
около 3 лет назад

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

fstec логотип

BDU:2016-01367

fstec
около 9 лет назад

Уязвимость интерпретатора PHP, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 95%
0.1882
Средний

4.3 Medium

CVSS2