CVE

CVE-2014-3515
Date: (C)2014-07-11   (M)2024-04-19


The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-59794
SECUNIA-59831
SECUNIA-60998
BID-68237
DSA-2974
RHSA-2014:1765
RHSA-2014:1766
SSRT101681
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88223c5245e9b470e1e6362bfd96829562ffe6ab
http://support.apple.com/kb/HT6443
http://www-01.ibm.com/support/docview.wss?uid=swg21683486
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.php.net/ChangeLog-5.php
https://bugs.php.net/bug.php?id=67492
openSUSE-SU-2014:1236

CPE    3
cpe:/o:debian:debian_linux:7.0
cpe:/o:debian:debian_linux:8.0
cpe:/a:php:php
OVAL    19
oval:org.secpod.oval:def:1600089
oval:org.secpod.oval:def:1600078
oval:org.secpod.oval:def:21229
oval:org.secpod.oval:def:702112
...

© SecPod Technologies