CVE-2015-3330

2015-06-0918:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2015-3330

php

handler

vulnerability

denial of service

remote code execution

nvd

security advisory

8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.052 Low

EPSS

Percentile

92.9%

JSON

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a “deconfigured interpreter.”

CPENameOperatorVersion
oracle:solarisoracle solariseq11.2
oracle:linuxoracle linuxeq6
oracle:linuxoracle linuxeq7
apple:mac_os_xapple mac os xle10.10.4
redhat:enterprise_linuxredhat enterprise linuxeq7.0
redhat:enterprise_linuxredhat enterprise linuxeq6.0
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq7.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq7.0
redhat:enterprise_linux_serverredhat enterprise linux servereq7.0
redhat:enterprise_linux_hpc_noderedhat enterprise linux hpc nodeeq7.0

CPE	Name	Operator	Version
oracle:solaris	oracle solaris	eq	11.2
oracle:linux	oracle linux	eq	6
oracle:linux	oracle linux	eq	7
apple:mac_os_x	apple mac os x	le	10.10.4
redhat:enterprise_linux	redhat enterprise linux	eq	7.0
redhat:enterprise_linux	redhat enterprise linux	eq	6.0
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	7.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	7.0
redhat:enterprise_linux_server	redhat enterprise linux server	eq	7.0
redhat:enterprise_linux_hpc_node	redhat enterprise linux hpc node	eq	7.0