Lucene search

K
nvd[email protected]NVD:CVE-2015-6837
HistoryMay 16, 2016 - 10:59 a.m.

CVE-2015-6837

2016-05-1610:59:20
web.nvd.nist.gov
4

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8

Confidence

High

EPSS

0.028

Percentile

90.6%

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838.

Affected configurations

Nvd
Node
phpphpMatch5.6.0alpha1
OR
phpphpMatch5.6.0alpha2
OR
phpphpMatch5.6.0alpha3
OR
phpphpMatch5.6.0alpha4
OR
phpphpMatch5.6.0alpha5
OR
phpphpMatch5.6.0beta1
OR
phpphpMatch5.6.0beta2
OR
phpphpMatch5.6.0beta3
OR
phpphpMatch5.6.0beta4
OR
phpphpMatch5.6.1
OR
phpphpMatch5.6.2
OR
phpphpMatch5.6.3
OR
phpphpMatch5.6.4
OR
phpphpMatch5.6.5
OR
phpphpMatch5.6.6
OR
phpphpMatch5.6.7
OR
phpphpMatch5.6.8
OR
phpphpMatch5.6.9
OR
phpphpMatch5.6.10
OR
phpphpMatch5.6.11
OR
phpphpMatch5.6.12
AND
xmlsoftlibxml2Range2.9.1
Node
phpphpRange5.4.44
AND
xmlsoftlibxml2Range2.9.1
Node
phpphpMatch5.5.0
OR
phpphpMatch5.5.0alpha1
OR
phpphpMatch5.5.0alpha2
OR
phpphpMatch5.5.0alpha3
OR
phpphpMatch5.5.0alpha4
OR
phpphpMatch5.5.0alpha5
OR
phpphpMatch5.5.0alpha6
OR
phpphpMatch5.5.0beta1
OR
phpphpMatch5.5.0beta2
OR
phpphpMatch5.5.0beta3
OR
phpphpMatch5.5.0beta4
OR
phpphpMatch5.5.0rc1
OR
phpphpMatch5.5.0rc2
OR
phpphpMatch5.5.1
OR
phpphpMatch5.5.2
OR
phpphpMatch5.5.3
OR
phpphpMatch5.5.4
OR
phpphpMatch5.5.5
OR
phpphpMatch5.5.6
OR
phpphpMatch5.5.7
OR
phpphpMatch5.5.8
OR
phpphpMatch5.5.9
OR
phpphpMatch5.5.10
OR
phpphpMatch5.5.11
OR
phpphpMatch5.5.12
OR
phpphpMatch5.5.13
OR
phpphpMatch5.5.14
OR
phpphpMatch5.5.15
OR
phpphpMatch5.5.16
OR
phpphpMatch5.5.17
OR
phpphpMatch5.5.18
OR
phpphpMatch5.5.19
OR
phpphpMatch5.5.20
OR
phpphpMatch5.5.21
OR
phpphpMatch5.5.22
OR
phpphpMatch5.5.23
OR
phpphpMatch5.5.24
OR
phpphpMatch5.5.25
OR
phpphpMatch5.5.26
OR
phpphpMatch5.5.27
OR
phpphpMatch5.5.28
AND
xmlsoftlibxml2Range2.9.1
VendorProductVersionCPE
phpphp5.6.0cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*
phpphp5.6.0cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*
phpphp5.6.0cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*
phpphp5.6.0cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*
phpphp5.6.0cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*
phpphp5.6.0cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*
phpphp5.6.0cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*
phpphp5.6.0cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*
phpphp5.6.0cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*
phpphp5.6.1cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*
Rows per page:
1-10 of 641

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8

Confidence

High

EPSS

0.028

Percentile

90.6%