Lucene search

[email protected]CVE-2015-4602

HistoryMay 16, 2016 - 10:59 a.m.

CVE-2015-4602

2016-05-1610:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

215

cve-2015-4602

php

incomplete_class

remote attack

denial of service

arbitrary code

type confusion

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.097 Low

EPSS

Percentile

94.8%

JSON

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a “type confusion” issue.

CPENameOperatorVersion
redhat:enterprise_linuxredhat enterprise linuxeq7.0
redhat:enterprise_linuxredhat enterprise linuxeq6.0
php:phpphpeq5.6.1
php:phpphpeq5.6.5
php:phpphple5.4.39
php:phpphpeq5.5.19
php:phpphpeq5.5.0
php:phpphpeq5.5.16
php:phpphpeq5.6.0
php:phpphpeq5.5.1

CPE	Name	Operator	Version
redhat:enterprise_linux	redhat enterprise linux	eq	7.0
redhat:enterprise_linux	redhat enterprise linux	eq	6.0
php:php	php	eq	5.6.1
php:php	php	eq	5.6.5
php:php	php	le	5.4.39
php:php	php	eq	5.5.19
php:php	php	eq	5.5.0
php:php	php	eq	5.5.16
php:php	php	eq	5.6.0
php:php	php	eq	5.5.1