Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2015-AVI-387
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans PHP. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PHP versions ant\u00e9rieures \u00e0 5.6.13",
"product": {
"name": "PHP",
"vendor": {
"name": "PHP",
"scada": false
}
}
},
{
"description": "PHP versions ant\u00e9rieures \u00e0 5.5.29",
"product": {
"name": "PHP",
"vendor": {
"name": "PHP",
"scada": false
}
}
},
{
"description": "PHP versions ant\u00e9rieures \u00e0 5.4.45",
"product": {
"name": "PHP",
"vendor": {
"name": "PHP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-6835",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6835"
},
{
"name": "CVE-2015-6836",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6836"
},
{
"name": "CVE-2015-6834",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6834"
},
{
"name": "CVE-2015-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
},
{
"name": "CVE-2015-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
}
],
"initial_release_date": "2015-09-10T00:00:00",
"last_revision_date": "2015-09-10T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-387",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-09-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePHP\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PHP du 03 septembre 2015",
"url": "http://www.php.net/ChangeLog-5.php#5.6.13"
}
]
}
CVE-2015-6836 (GCVE-0-2015-6836)
Vulnerability from cvelistv5
Published
2016-01-19 02:00
Modified
2024-08-06 07:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:33.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033548",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033548"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=70388"
},
{
"name": "76644",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76644"
},
{
"name": "DSA-3358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3358"
},
{
"name": "GLSA-201606-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201606-10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a \"type confusion\" in the serialize_function_call function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:49",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "1033548",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033548"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=70388"
},
{
"name": "76644",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76644"
},
{
"name": "DSA-3358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3358"
},
{
"name": "GLSA-201606-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201606-10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2015-6836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a \"type confusion\" in the serialize_function_call function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033548",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033548"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "https://bugs.php.net/bug.php?id=70388",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=70388"
},
{
"name": "76644",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76644"
},
{
"name": "DSA-3358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3358"
},
{
"name": "GLSA-201606-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2015-6836",
"datePublished": "2016-01-19T02:00:00",
"dateReserved": "2015-09-08T00:00:00",
"dateUpdated": "2024-08-06T07:36:33.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6834 (GCVE-0-2015-6834)
Vulnerability from cvelistv5
Published
2016-05-16 10:00
Modified
2024-08-06 07:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:33.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=70366"
},
{
"name": "1033548",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033548"
},
{
"name": "76649",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76649"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=70365"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=70172"
},
{
"name": "DSA-3358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3358"
},
{
"name": "GLSA-201606-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201606-10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:41",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=70366"
},
{
"name": "1033548",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033548"
},
{
"name": "76649",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76649"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=70365"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=70172"
},
{
"name": "DSA-3358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3358"
},
{
"name": "GLSA-201606-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201606-10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2015-6834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=70366",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=70366"
},
{
"name": "1033548",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033548"
},
{
"name": "76649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76649"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "https://bugs.php.net/bug.php?id=70365",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=70365"
},
{
"name": "https://bugs.php.net/bug.php?id=70172",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=70172"
},
{
"name": "DSA-3358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3358"
},
{
"name": "GLSA-201606-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2015-6834",
"datePublished": "2016-05-16T10:00:00",
"dateReserved": "2015-09-08T00:00:00",
"dateUpdated": "2024-08-06T07:36:33.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6837 (GCVE-0-2015-6837)
Vulnerability from cvelistv5
Published
2016-05-16 10:00
Modified
2024-08-06 07:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:33.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "76738",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76738"
},
{
"name": "1033548",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033548"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=69782"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "DSA-3358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3358"
},
{
"name": "GLSA-201606-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201606-10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:42",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "76738",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76738"
},
{
"name": "1033548",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033548"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=69782"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "DSA-3358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3358"
},
{
"name": "GLSA-201606-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201606-10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2015-6837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76738",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76738"
},
{
"name": "1033548",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033548"
},
{
"name": "https://bugs.php.net/bug.php?id=69782",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=69782"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "DSA-3358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3358"
},
{
"name": "GLSA-201606-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2015-6837",
"datePublished": "2016-05-16T10:00:00",
"dateReserved": "2015-09-08T00:00:00",
"dateUpdated": "2024-08-06T07:36:33.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6835 (GCVE-0-2015-6835)
Vulnerability from cvelistv5
Published
2016-05-16 10:00
Modified
2024-08-06 07:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:33.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "76734",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=70219"
},
{
"name": "1033548",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033548"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "DSA-3358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3358"
},
{
"name": "GLSA-201606-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201606-10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:43",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "76734",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=70219"
},
{
"name": "1033548",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033548"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "DSA-3358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3358"
},
{
"name": "GLSA-201606-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201606-10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2015-6835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76734"
},
{
"name": "https://bugs.php.net/bug.php?id=70219",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=70219"
},
{
"name": "1033548",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033548"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "DSA-3358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3358"
},
{
"name": "GLSA-201606-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2015-6835",
"datePublished": "2016-05-16T10:00:00",
"dateReserved": "2015-09-08T00:00:00",
"dateUpdated": "2024-08-06T07:36:33.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6838 (GCVE-0-2015-6838)
Vulnerability from cvelistv5
Published
2016-05-16 10:00
Modified
2024-08-06 07:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:33.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033548",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033548"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=69782"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "76733",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76733"
},
{
"name": "DSA-3358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3358"
},
{
"name": "GLSA-201606-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201606-10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:03",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "1033548",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033548"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=69782"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "76733",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76733"
},
{
"name": "DSA-3358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3358"
},
{
"name": "GLSA-201606-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201606-10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2015-6838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033548",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033548"
},
{
"name": "https://bugs.php.net/bug.php?id=69782",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=69782"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "76733",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76733"
},
{
"name": "DSA-3358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3358"
},
{
"name": "GLSA-201606-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2015-6838",
"datePublished": "2016-05-16T10:00:00",
"dateReserved": "2015-09-08T00:00:00",
"dateUpdated": "2024-08-06T07:36:33.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…