Описание
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function.
A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.
Отчет
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Will not fix | ||
| Red Hat Enterprise Linux 5 | php53 | Will not fix | ||
| Red Hat Enterprise Linux 6 | php | Will not fix | ||
| Red Hat Enterprise Linux 7 | php | Will not fix | ||
| Red Hat Software Collections | php54-php | Will not fix | ||
| Red Hat Software Collections | php55-php | Will not fix | ||
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-php56-php | Fixed | RHSA-2016:0457 | 15.03.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | rh-php56-php | Fixed | RHSA-2016:0457 | 15.03.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | rh-php56-php | Fixed | RHSA-2016:0457 | 15.03.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-php56-php | Fixed | RHSA-2016:0457 | 15.03.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.1 Medium
CVSS2
Связанные уязвимости
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function.
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function.
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, ...
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function.
Уязвимость интерпретатора PHP, позволяющая нарушителю выполнить произвольный код
EPSS
5.1 Medium
CVSS2