Lucene search

[email protected]NVD:CVE-2015-2787

HistoryMar 30, 2015 - 10:59 a.m.

CVE-2015-2787

2015-03-3010:59:15

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

High

0.721 High

EPSS

Percentile

98.1%

JSON

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.

Affected configurations

NVD

Node

phpphpRange≤5.4.38

phpphpMatch5.5.0

phpphpMatch5.5.0alpha1

phpphpMatch5.5.0alpha2

phpphpMatch5.5.0alpha3

phpphpMatch5.5.0alpha4

phpphpMatch5.5.0alpha5

phpphpMatch5.5.0alpha6

phpphpMatch5.5.0beta1

phpphpMatch5.5.0beta2

phpphpMatch5.5.0beta3

phpphpMatch5.5.0beta4

phpphpMatch5.5.0rc1

phpphpMatch5.5.0rc2

phpphpMatch5.5.1

phpphpMatch5.5.2

phpphpMatch5.5.3

phpphpMatch5.5.4

phpphpMatch5.5.5

phpphpMatch5.5.6

phpphpMatch5.5.7

phpphpMatch5.5.8

phpphpMatch5.5.9

phpphpMatch5.5.10

phpphpMatch5.5.11

phpphpMatch5.5.12

phpphpMatch5.5.13

phpphpMatch5.5.14

phpphpMatch5.5.15

phpphpMatch5.5.16

phpphpMatch5.5.17

phpphpMatch5.5.18

phpphpMatch5.5.19

phpphpMatch5.5.20

phpphpMatch5.5.21

phpphpMatch5.5.22

phpphpMatch5.6.0alpha1

phpphpMatch5.6.0alpha2

phpphpMatch5.6.0alpha3

phpphpMatch5.6.0alpha4

phpphpMatch5.6.0alpha5

phpphpMatch5.6.0beta1

phpphpMatch5.6.0beta2

phpphpMatch5.6.0beta3

phpphpMatch5.6.0beta4

phpphpMatch5.6.1

phpphpMatch5.6.2

phpphpMatch5.6.3

phpphpMatch5.6.4

phpphpMatch5.6.5

phpphpMatch5.6.6

Node

applemac_os_xRange≤10.6.8

applemac_os_xMatch10.9.5

applemac_os_xMatch10.10.0

applemac_os_xMatch10.10.1

applemac_os_xMatch10.10.2

applemac_os_xMatch10.10.3

applemac_os_xMatch10.10.4

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_hpc_node_eusMatch7.1

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_eusMatch7.1

redhatenterprise_linux_workstationMatch7.0

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html

lists.opensuse.org/opensuse-updates/2015-04/msg00015.html

marc.info/?l=bugtraq&m=143748090628601&w=2

marc.info/?l=bugtraq&m=144050155601375&w=2

php.net/ChangeLog-5.php

rhn.redhat.com/errata/RHSA-2015-1053.html

rhn.redhat.com/errata/RHSA-2015-1066.html

rhn.redhat.com/errata/RHSA-2015-1135.html

rhn.redhat.com/errata/RHSA-2015-1218.html

www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/73431

www.securitytracker.com/id/1032485

www.ubuntu.com/usn/USN-2572-1

bugs.php.net/bug.php?id=68976

gist.github.com/smalyshev/eea9eafc7c88a4a6d10d

security.gentoo.org/glsa/201606-10

support.apple.com/HT205267

support.apple.com/kb/HT205031

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

High

0.721 High

EPSS

Percentile

98.1%

JSON

CVE-2015-2787

Affected configurations

References

Related