Lucene search

[email protected]NVD:CVE-2015-4022

HistoryJun 09, 2015 - 6:59 p.m.

CVE-2015-4022

2015-06-0918:59:05

CWE-189

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.1%

JSON

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.

Affected configurations

NVD

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_hpc_node_eusMatch7.1

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_eusMatch7.1

redhatenterprise_linux_workstationMatch7.0

Node

phpphpRange≤5.4.40

phpphpMatch5.4.39

phpphpMatch5.5.0

phpphpMatch5.5.0alpha1

phpphpMatch5.5.0alpha2

phpphpMatch5.5.0alpha3

phpphpMatch5.5.0alpha4

phpphpMatch5.5.0alpha5

phpphpMatch5.5.0alpha6

phpphpMatch5.5.0beta1

phpphpMatch5.5.0beta2

phpphpMatch5.5.0beta3

phpphpMatch5.5.0beta4

phpphpMatch5.5.0rc1

phpphpMatch5.5.0rc2

phpphpMatch5.5.1

phpphpMatch5.5.2

phpphpMatch5.5.3

phpphpMatch5.5.4

phpphpMatch5.5.5

phpphpMatch5.5.6

phpphpMatch5.5.7

phpphpMatch5.5.8

phpphpMatch5.5.9

phpphpMatch5.5.10

phpphpMatch5.5.11

phpphpMatch5.5.12

phpphpMatch5.5.13

phpphpMatch5.5.14

phpphpMatch5.5.18

phpphpMatch5.5.19

phpphpMatch5.5.20

phpphpMatch5.5.21

phpphpMatch5.5.22

phpphpMatch5.5.23

phpphpMatch5.5.24

phpphpMatch5.6.0alpha1

phpphpMatch5.6.0alpha2

phpphpMatch5.6.0alpha3

phpphpMatch5.6.0alpha4

phpphpMatch5.6.0alpha5

phpphpMatch5.6.0beta1

phpphpMatch5.6.0beta2

phpphpMatch5.6.0beta3

phpphpMatch5.6.0beta4

phpphpMatch5.6.2

phpphpMatch5.6.3

phpphpMatch5.6.4

phpphpMatch5.6.5

phpphpMatch5.6.6

phpphpMatch5.6.7

phpphpMatch5.6.8

Node

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

Node

applemac_os_xRange≤10.10.4

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html

lists.opensuse.org/opensuse-updates/2015-06/msg00002.html

php.net/ChangeLog-5.php

rhn.redhat.com/errata/RHSA-2015-1135.html

rhn.redhat.com/errata/RHSA-2015-1186.html

rhn.redhat.com/errata/RHSA-2015-1187.html

rhn.redhat.com/errata/RHSA-2015-1218.html

rhn.redhat.com/errata/RHSA-2015-1219.html

www.debian.org/security/2015/dsa-3280

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/74902

www.securitytracker.com/id/1032433

bugs.php.net/bug.php?id=69545

security.gentoo.org/glsa/201606-10

support.apple.com/kb/HT205031

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.1%

JSON

Related for NVD:CVE-2015-4022