Lucene search

K
nvd[email protected]NVD:CVE-2015-0231
HistoryJan 27, 2015 - 8:03 p.m.

CVE-2015-0231

2015-01-2720:03:41
web.nvd.nist.gov
8

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

High

EPSS

0.861

Percentile

98.6%

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.

Affected configurations

Nvd
Node
phpphpRange5.4.36
OR
phpphpMatch5.4.0
OR
phpphpMatch5.4.1
OR
phpphpMatch5.4.2
OR
phpphpMatch5.4.3
OR
phpphpMatch5.4.4
OR
phpphpMatch5.4.5
OR
phpphpMatch5.4.6
OR
phpphpMatch5.4.7
OR
phpphpMatch5.4.8
OR
phpphpMatch5.4.9
OR
phpphpMatch5.4.10
OR
phpphpMatch5.4.11
OR
phpphpMatch5.4.12
OR
phpphpMatch5.4.12rc1
OR
phpphpMatch5.4.12rc2
OR
phpphpMatch5.4.13
OR
phpphpMatch5.4.13rc1
OR
phpphpMatch5.4.14
OR
phpphpMatch5.4.14rc1
OR
phpphpMatch5.4.15rc1
OR
phpphpMatch5.4.16rc1
OR
phpphpMatch5.4.17
OR
phpphpMatch5.4.18
OR
phpphpMatch5.4.19
OR
phpphpMatch5.4.20
OR
phpphpMatch5.4.21
OR
phpphpMatch5.4.22
OR
phpphpMatch5.4.23
OR
phpphpMatch5.4.24
OR
phpphpMatch5.4.25
OR
phpphpMatch5.4.26
OR
phpphpMatch5.4.27
OR
phpphpMatch5.4.28
OR
phpphpMatch5.4.29
OR
phpphpMatch5.4.30
OR
phpphpMatch5.4.34
OR
phpphpMatch5.4.35
OR
phpphpMatch5.5.0
OR
phpphpMatch5.5.0alpha1
OR
phpphpMatch5.5.0alpha2
OR
phpphpMatch5.5.0alpha3
OR
phpphpMatch5.5.0alpha4
OR
phpphpMatch5.5.0alpha5
OR
phpphpMatch5.5.0alpha6
OR
phpphpMatch5.5.0beta1
OR
phpphpMatch5.5.0beta2
OR
phpphpMatch5.5.0beta3
OR
phpphpMatch5.5.0beta4
OR
phpphpMatch5.5.0rc1
OR
phpphpMatch5.5.0rc2
OR
phpphpMatch5.5.1
OR
phpphpMatch5.5.2
OR
phpphpMatch5.5.3
OR
phpphpMatch5.5.4
OR
phpphpMatch5.5.5
OR
phpphpMatch5.5.6
OR
phpphpMatch5.5.7
OR
phpphpMatch5.5.8
OR
phpphpMatch5.5.9
OR
phpphpMatch5.5.10
OR
phpphpMatch5.5.11
OR
phpphpMatch5.5.12
OR
phpphpMatch5.5.13
OR
phpphpMatch5.5.14
OR
phpphpMatch5.5.15
OR
phpphpMatch5.5.16
OR
phpphpMatch5.5.17
OR
phpphpMatch5.5.18
OR
phpphpMatch5.5.19
OR
phpphpMatch5.5.20
OR
phpphpMatch5.6.0alpha1
OR
phpphpMatch5.6.0alpha2
OR
phpphpMatch5.6.0alpha3
OR
phpphpMatch5.6.0alpha4
OR
phpphpMatch5.6.0alpha5
OR
phpphpMatch5.6.0beta1
OR
phpphpMatch5.6.0beta2
OR
phpphpMatch5.6.0beta3
OR
phpphpMatch5.6.0beta4
OR
phpphpMatch5.6.1
OR
phpphpMatch5.6.2
OR
phpphpMatch5.6.3
OR
phpphpMatch5.6.4
VendorProductVersionCPE
phpphp*cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
phpphp5.4.0cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*
phpphp5.4.1cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*
phpphp5.4.2cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*
phpphp5.4.3cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*
phpphp5.4.4cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*
phpphp5.4.5cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*
phpphp5.4.6cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*
phpphp5.4.7cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*
phpphp5.4.8cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*
Rows per page:
1-10 of 841

References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

High

EPSS

0.861

Percentile

98.6%