Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2015-6835

Published: 16/05/2016 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 756
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Php

Vulnerability Summary

The session deserializer in PHP prior to 5.4.45, 5.5.x prior to 5.5.29, and 5.6.x prior to 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote malicious users to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.

Vulnerable Product Search on Vulmon Subscribe to Product

php php 5.6.1

php php 5.6.0

php php 5.6.5

php php 5.6.12

php php 5.6.4

php php 5.6.6

php php 5.6.11

php php 5.6.2

php php 5.6.10

php php 5.6.7

php php 5.6.9

php php 5.6.3

php php 5.6.8

php php

php php 5.5.0

php php 5.5.19

php php 5.5.25

php php 5.5.16

php php 5.5.1

php php 5.5.5

php php 5.5.21

php php 5.5.17

php php 5.5.14

php php 5.5.7

php php 5.5.12

php php 5.5.6

php php 5.5.3

php php 5.5.23

php php 5.5.8

php php 5.5.27

php php 5.5.24

php php 5.5.15

php php 5.5.11

php php 5.5.13

php php 5.5.4

php php 5.5.28

php php 5.5.26

php php 5.5.10

php php 5.5.22

php php 5.5.18

php php 5.5.20

php php 5.5.2

php php 5.5.9

Vendor Advisories

Ubuntu Security Notice: php5 vulnerabilities
Several security issues were fixed in PHP ...
Debian Security Advisories: DSA-3358-1 php5 -- security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development The vulnerabilities are addressed by upgrading PHP to new upstream versions (5445 and 5613), which include additional bug fixes Please refer to the upstream changelog for more information: phpnet/ChangeLog-5 ...
Red Hat: CVE-2015-6835
A flaw was discovered in the way PHP performed object unserialization Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code ...
Amazon Linux AMI: ALAS-2016-670
A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets (CVE-2015-6837, CVE ...
Amazon Linux AMI: ALAS-2015-602
As <a href="bugsphpnet/bugphp?id=69720">reported upstream</a>, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives A specially crafted archive could cause PHP to crash (CVE-2015-7803 ) A flaw was discovered in the way PHP performed object unserialization Specially crafted input pr ...
Amazon Linux AMI: ALAS-2015-601
As <a href="bugsphpnet/bugphp?id=69720">reported upstream</a>, A NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives A specially crafted archive could cause PHP to crash (CVE-2015-7803 ) A flaw was discovered in the way PHP performed object unserialization Specially crafted input pr ...

Exploits

Exploit DB: PHP Session Deserializer - Use-After-Free
Use After Free Vulnerabilities in Session Deserializer Taoguang Chen <[@chtg](githubcom/chtg)> Write Date: 201589 Release Date: 201594 Multiple use-after-free vulnerabilities were discovered in session deserializer (php/php_binary/php_serialize) that can be abused for leaking arbitrary memory blocks or execute arbitrary code re ...
Exploit DB: Joomla HTTP Header Unauthenticated Remote Code Execution
Joomla suffers from an unauthenticated remote code execution that affects all versions from 150 to 345 By storing user supplied headers in the databases session table it's possible to truncate the input by sending an UTF-8 character The custom created payload is then executed once the session is read from the database You also need to have a ...

Github Repositories

https://github.com/ockeghem/CVE-2015-6835-checker

CVE-2015-6835-checker

https://github.com/RobinHoutevelts/Joomla-CVE-2015-8562-PHP-POC

A proof of concept for Joomla's CVE-2015-8562 vulnerability

Joomla-CVE-2015-8562-PHP-POC A proof of concept for Joomla's CVE-2015-8562 vulnerability Intro Thi

https://github.com/VoidSec/Joomla_CVE-2015-8562

A proof of concept for Joomla's CVE-2015-8562 vulnerability (Object Injection RCE)

Joomla_CVE-2015-8562 A proof of concept for Joomla's CVE-2015-8562 vulnerability (Object Injection RCE) Intro/Changelog This PoC is the second version of the implementation hosted at exploit-db -Fixed (regenerate session) -Added the option to switch from X-Forwarded-For to User-Agent method -Added the option to switch from a python reverse shell to a bash one -Added catch

References

NVD-CWE-Otherhttp://www.securityfocus.com/bid/76734https://bugs.php.net/bug.php?id=70219http://www.securitytracker.com/id/1033548http://php.net/ChangeLog-5.phphttp://www.debian.org/security/2015/dsa-3358https://security.gentoo.org/glsa/201606-10https://usn.ubuntu.com/2758-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/38123/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook