CVE-2015-6836

Published: 19/01/2016 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The SoapClient __call method in ext/soap/soap.c in PHP prior to 5.4.45, 5.5.x prior to 5.5.29, and 5.6.x prior to 5.6.13 does not properly manage headers, which allows remote malicious users to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function.

Vulnerable Product

php php 5.6.1

php php 5.5.0

php php 5.6.0

php php 5.6.5

php php 5.5.19

php php 5.6.12

php php 5.5.25

php php 5.5.1

php php 5.5.5

php php 5.6.4

php php 5.5.21

php php 5.6.6

php php 5.5.14

php php 5.5.7

php php 5.6.11

php php 5.6.2

php php 5.6.10

php php 5.5.12

php php 5.5.6

php php 5.6.7

php php 5.5.3

php php 5.5.23

php php 5.5.8

php php 5.5.27

php php

php php 5.5.24

php php 5.5.11

php php 5.5.13

php php 5.5.4

php php 5.5.28

php php 5.5.26

php php 5.6.9

php php 5.5.10

php php 5.6.3

php php 5.5.22

php php 5.6.8

php php 5.5.18

php php 5.5.20

php php 5.5.2

php php 5.5.9

Vendor Advisories

Several security issues were fixed in PHP ...
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to new upstream versions (5.4.45 and 5.6.13), which include additional bug fixes. Please refer to the upstream changelog for more information: php.net/ChangeLog-5 ...
A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code ...
A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets (CVE-2015-6837, CVE ...
As reported upstream (bugs.php.net/bug.php?id=69720), a NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash (CVE-2015-7803). A flaw was discovered in the way PHP performed object unserialization. Specially crafted input pr ...