Lucene search

[email protected]CVE-2015-3330

HistoryJun 09, 2015 - 6:59 p.m.

CVE-2015-3330

2015-06-0918:59:03

CWE-20

[email protected]

web.nvd.nist.gov

cve-2015-3330

php

handler

vulnerability

denial of service

remote code execution

nvd

security advisory

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.052 Low

EPSS

Percentile

93.1%

JSON

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a “deconfigured interpreter.”

Affected configurations

NVD

Node

oraclelinuxMatch6

oraclelinuxMatch7

oraclesolarisMatch11.2

Node

applemac_os_xRange≤10.10.4

Node

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_hpc_node_eusMatch7.1

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_eusMatch7.1

redhatenterprise_linux_workstationMatch7.0

Node

phpphpRange≤5.4.39

phpphpMatch5.5.0

phpphpMatch5.5.0alpha1

phpphpMatch5.5.0alpha2

phpphpMatch5.5.0alpha3

phpphpMatch5.5.0alpha4

phpphpMatch5.5.0alpha5

phpphpMatch5.5.0alpha6

phpphpMatch5.5.0beta1

phpphpMatch5.5.0beta2

phpphpMatch5.5.0beta3

phpphpMatch5.5.0beta4

phpphpMatch5.5.0rc1

phpphpMatch5.5.0rc2

phpphpMatch5.5.1

phpphpMatch5.5.2

phpphpMatch5.5.3

phpphpMatch5.5.4

phpphpMatch5.5.5

phpphpMatch5.5.6

phpphpMatch5.5.7

phpphpMatch5.5.8

phpphpMatch5.5.9

phpphpMatch5.5.10

phpphpMatch5.5.11

phpphpMatch5.5.12

phpphpMatch5.5.13

phpphpMatch5.5.14

phpphpMatch5.5.18

phpphpMatch5.5.19

phpphpMatch5.5.20

phpphpMatch5.5.21

phpphpMatch5.5.22

phpphpMatch5.5.23

phpphpMatch5.6.0alpha1

phpphpMatch5.6.0alpha2

phpphpMatch5.6.0alpha3

phpphpMatch5.6.0alpha4

phpphpMatch5.6.0alpha5

phpphpMatch5.6.0beta1

phpphpMatch5.6.0beta2

phpphpMatch5.6.0beta3

phpphpMatch5.6.0beta4

phpphpMatch5.6.2

phpphpMatch5.6.3

phpphpMatch5.6.4

phpphpMatch5.6.5

phpphpMatch5.6.6

phpphpMatch5.6.7

CPENameOperatorVersion
oracle:linuxoracle linuxeq6
oracle:linuxoracle linuxeq7
oracle:solarisoracle solariseq11.2

CPE	Name	Operator	Version
oracle:linux	oracle linux	eq	6
oracle:linux	oracle linux	eq	7
oracle:solaris	oracle solaris	eq	11.2

References

git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html

openwall.com/lists/oss-security/2015/04/17/7

php.net/ChangeLog-5.php

rhn.redhat.com/errata/RHSA-2015-1066.html

rhn.redhat.com/errata/RHSA-2015-1135.html

rhn.redhat.com/errata/RHSA-2015-1186.html

rhn.redhat.com/errata/RHSA-2015-1187.html

www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/74204

www.securitytracker.com/id/1033703

www.ubuntu.com/usn/USN-2572-1

bugs.php.net/bug.php?id=68486

bugs.php.net/bug.php?id=69218

security.gentoo.org/glsa/201606-10

support.apple.com/HT205267

support.apple.com/kb/HT205031

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.052 Low

EPSS

Percentile

93.1%

JSON

Related for CVE-2015-3330

openvas15 cvelist1 ubuntucve1 prion1 nvd1 suse2 mageia1 securityvulns6 nessus24 ubuntu1 slackware1 osv1 debian1 veracode18 redhat4 oraclelinux3 gentoo1 centos1 cloudlinux1 rosalinux1