CVE-2015-4148

🗓️ 09 Jun 2015 18:59:10Reported by [email protected]Type

The do_soap_call function in PHP versions before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify the uri property, leading to a "type confusion" issue

Reporter	Title	Published	Views	Family All 139
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Flex System Chassis Management Module	31 Jan 201902:25	–	ibm
IBM Security Bulletins	Security Bulletin: 2	2 Nov 202020:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by multiple vulnerabilities in GNU C Library (glibc), krb5 and php	2 Nov 202020:22	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in php affect IBM Flex System Manger (FSM)	31 Jan 201902:10	–	ibm
Tenable Nessus	PHP 5.4.x < 5.4.39 / 5.5.x < 5.5.23 / 5.6.x < 5.6.7 Multiple Vulnerabilities	9 Apr 201500:00	–	nessus
Tenable Nessus	Mac OS X < 10.10.5 Multiple Vulnerabilities	16 Oct 201500:00	–	nessus
Tenable Nessus	CentOS 7 : php (CESA-2015:1135)	24 Jun 201500:00	–	nessus
Tenable Nessus	CentOS 6 : php (CESA-2015:1218)	13 Jul 201500:00	–	nessus
Tenable Nessus	Debian DLA-307-1 : php5 security update	8 Sep 201500:00	–	nessus
Tenable Nessus	EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)	14 May 201900:00	–	nessus

NVD

Node

apple mac_os_xRange≤10.10.4

Node

redhat enterprise_linux_desktopMatch7.0

redhat enterprise_linux_hpc_nodeMatch7.0

redhat enterprise_linux_hpc_node_eusMatch7.1

redhat enterprise_linux_serverMatch7.0

redhat enterprise_linux_server_eusMatch7.1

redhat enterprise_linux_workstationMatch7.0

Node

php phpRange≤5.4.38

php phpMatch5.5.0

php phpMatch5.5.0alpha1

php phpMatch5.5.0alpha2

php phpMatch5.5.0alpha3

php phpMatch5.5.0alpha4

php phpMatch5.5.0alpha5

php phpMatch5.5.0alpha6

php phpMatch5.5.0beta1

php phpMatch5.5.0beta2

php phpMatch5.5.0beta3

php phpMatch5.5.0beta4

php phpMatch5.5.0rc1

php phpMatch5.5.0rc2

php phpMatch5.5.1

php phpMatch5.5.2

php phpMatch5.5.3

php phpMatch5.5.4

php phpMatch5.5.5

php phpMatch5.5.6

php phpMatch5.5.7

php phpMatch5.5.8

php phpMatch5.5.9

php phpMatch5.5.10

php phpMatch5.5.11

php phpMatch5.5.12

php phpMatch5.5.13

php phpMatch5.5.14

php phpMatch5.5.18

php phpMatch5.5.19

php phpMatch5.5.20

php phpMatch5.5.21

php phpMatch5.5.22

php phpMatch5.6.0alpha1

php phpMatch5.6.0alpha2

php phpMatch5.6.0alpha3

php phpMatch5.6.0alpha4

php phpMatch5.6.0alpha5

php phpMatch5.6.0beta1

php phpMatch5.6.0beta2

php phpMatch5.6.0beta3

php phpMatch5.6.0beta4

php phpMatch5.6.2

php phpMatch5.6.3

php phpMatch5.6.4

php phpMatch5.6.5

php phpMatch5.6.6

Source	Link
php	www.php.net/ChangeLog-5.php
rhn	www.rhn.redhat.com/errata/RHSA-2015-1053.html
rhn	www.rhn.redhat.com/errata/RHSA-2015-1218.html
securityfocus	www.securityfocus.com/bid/75103
openwall	www.openwall.com/lists/oss-security/2015/06/01/4
oracle	www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
bugs	www.bugs.php.net/bug.php
lists	www.lists.opensuse.org/opensuse-updates/2015-06/msg00028.html
lists	www.lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
securitytracker	www.securitytracker.com/id/1032459

06 May 2026 22:30Current

8.1High risk

Vulners AI Score8.1

CVSS 25

EPSS0.11836

CWE-20