CVE-2015-8835

CRITICAL

PHP < 5.4.44, 5.5.x < 5.5.28, 5.6.x < 5.6.12 - Denial of Service via SoapClient _cookies Array Deserialization

Title source: llm
STIX 2.1

Description

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.

References (10)

Core 10
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2952-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2750.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2952-2
Various Sources x_refsource_confirm
http://php.net/ChangeLog-5.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/84426
Various Sources x_refsource_confirm
https://bugs.php.net/bug.php?id=70081

Scores

CVSS v3 9.8
EPSS 0.0404
EPSS Percentile 88.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (30)
php/php 5.6.0 alpha1 (9 CPE variants)
php/php 5.6.1
php/php 5.6.2
php/php 5.6.3
php/php 5.6.4
php/php 5.6.5
php/php 5.6.6
php/php 5.6.7
php/php 5.6.8
php/php 5.6.9
... and 20 more
Published May 16, 2016
Tracked Since Feb 18, 2026