Lucene search

[email protected]CVE-2015-2783

HistoryJun 09, 2015 - 6:59 p.m.

CVE-2015-2783

2015-06-0918:59:00

CWE-119

[email protected]

web.nvd.nist.gov

php

cve-2015-2783

information disclosure

denial of service

vulnerability

nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

7.1 High

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

JSON

ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.

Affected configurations

NVD

Node

phpphpRange≤5.4.39

phpphpMatch5.5.0

phpphpMatch5.5.0alpha1

phpphpMatch5.5.0alpha2

phpphpMatch5.5.0alpha3

phpphpMatch5.5.0alpha4

phpphpMatch5.5.0alpha5

phpphpMatch5.5.0alpha6

phpphpMatch5.5.0beta1

phpphpMatch5.5.0beta2

phpphpMatch5.5.0beta3

phpphpMatch5.5.0beta4

phpphpMatch5.5.0rc1

phpphpMatch5.5.0rc2

phpphpMatch5.5.1

phpphpMatch5.5.2

phpphpMatch5.5.3

phpphpMatch5.5.4

phpphpMatch5.5.5

phpphpMatch5.5.6

phpphpMatch5.5.7

phpphpMatch5.5.8

phpphpMatch5.5.9

phpphpMatch5.5.10

phpphpMatch5.5.11

phpphpMatch5.5.12

phpphpMatch5.5.13

phpphpMatch5.5.14

phpphpMatch5.5.18

phpphpMatch5.5.19

phpphpMatch5.5.20

phpphpMatch5.5.21

phpphpMatch5.5.22

phpphpMatch5.5.23

phpphpMatch5.6.0alpha1

phpphpMatch5.6.0alpha2

phpphpMatch5.6.0alpha3

phpphpMatch5.6.0alpha4

phpphpMatch5.6.0alpha5

phpphpMatch5.6.0beta1

phpphpMatch5.6.0beta2

phpphpMatch5.6.0beta3

phpphpMatch5.6.0beta4

phpphpMatch5.6.2

phpphpMatch5.6.3

phpphpMatch5.6.4

phpphpMatch5.6.5

phpphpMatch5.6.6

phpphpMatch5.6.7

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_hpc_node_eusMatch7.1

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_eusMatch7.1

redhatenterprise_linux_workstationMatch7.0

Node

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

Node

applemac_os_xRange≤10.10.5

CPENameOperatorVersion
php:phpphple5.4.39
php:phpphpeq5.5.0
php:phpphpeq5.5.1
php:phpphpeq5.5.2
php:phpphpeq5.5.3
php:phpphpeq5.5.4
php:phpphpeq5.5.5
php:phpphpeq5.5.6
php:phpphpeq5.5.7
php:phpphpeq5.5.8

CPE	Name	Operator	Version
php:php	php	le	5.4.39
php:php	php	eq	5.5.0
php:php	php	eq	5.5.1
php:php	php	eq	5.5.2
php:php	php	eq	5.5.3
php:php	php	eq	5.5.4
php:php	php	eq	5.5.5
php:php	php	eq	5.5.6
php:php	php	eq	5.5.7
php:php	php	eq	5.5.8