Lucene search

[email protected]NVD:CVE-2015-4024

HistoryJun 09, 2015 - 6:59 p.m.

CVE-2015-4024

2015-06-0918:59:06

CWE-399

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

8.4 High

AI Score

Confidence

High

0.713 High

EPSS

Percentile

98.1%

JSON

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.

Affected configurations

NVD

Node

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

Node

applemac_os_xRange≤10.10.4

Node

phpphpRange≤5.4.40

phpphpMatch5.4.39

phpphpMatch5.5.0

phpphpMatch5.5.0alpha1

phpphpMatch5.5.0alpha2

phpphpMatch5.5.0alpha3

phpphpMatch5.5.0alpha4

phpphpMatch5.5.0alpha5

phpphpMatch5.5.0alpha6

phpphpMatch5.5.0beta1

phpphpMatch5.5.0beta2

phpphpMatch5.5.0beta3

phpphpMatch5.5.0beta4

phpphpMatch5.5.0rc1

phpphpMatch5.5.0rc2

phpphpMatch5.5.1

phpphpMatch5.5.2

phpphpMatch5.5.3

phpphpMatch5.5.4

phpphpMatch5.5.5

phpphpMatch5.5.6

phpphpMatch5.5.7

phpphpMatch5.5.8

phpphpMatch5.5.9

phpphpMatch5.5.10

phpphpMatch5.5.11

phpphpMatch5.5.12

phpphpMatch5.5.13

phpphpMatch5.5.14

phpphpMatch5.5.18

phpphpMatch5.5.19

phpphpMatch5.5.20

phpphpMatch5.5.21

phpphpMatch5.5.22

phpphpMatch5.5.23

phpphpMatch5.5.24

phpphpMatch5.6.0alpha1

phpphpMatch5.6.0alpha2

phpphpMatch5.6.0alpha3

phpphpMatch5.6.0alpha4

phpphpMatch5.6.0alpha5

phpphpMatch5.6.0beta1

phpphpMatch5.6.0beta2

phpphpMatch5.6.0beta3

phpphpMatch5.6.0beta4

phpphpMatch5.6.2

phpphpMatch5.6.3

phpphpMatch5.6.4

phpphpMatch5.6.5

phpphpMatch5.6.6

phpphpMatch5.6.7

phpphpMatch5.6.8

Node

hpsystem_management_homepageRange≤7.5.3.1

Node

oraclelinuxMatch6

oraclelinuxMatch7

oraclesolarisMatch11.2

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_hpc_node_eusMatch7.1

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_eusMatch7.1

redhatenterprise_linux_workstationMatch7.0

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html

lists.opensuse.org/opensuse-updates/2015-06/msg00002.html

php.net/ChangeLog-5.php

rhn.redhat.com/errata/RHSA-2015-1135.html

rhn.redhat.com/errata/RHSA-2015-1186.html

rhn.redhat.com/errata/RHSA-2015-1187.html

rhn.redhat.com/errata/RHSA-2015-1218.html

rhn.redhat.com/errata/RHSA-2015-1219.html

www.debian.org/security/2015/dsa-3280

www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/74903

www.securitytracker.com/id/1032432

bugs.php.net/bug.php?id=69364

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763

support.apple.com/kb/HT205031

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

8.4 High

AI Score

Confidence

High

0.713 High

EPSS

Percentile

98.1%

JSON

Related for NVD:CVE-2015-4024

cve1 nessus38 f52 ubuntucve1 prion1 openvas28 checkpoint_advisories1 cvelist1 amazon3 securityvulns6 mageia1 freebsd1 fedora3 debian1 redhat5 osv1 slackware1 oraclelinux4 suse3 veracode7 ibm5 ubuntu1 centos2 rosalinux1