Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2015-8562
HistoryDec 16, 2015 - 9:59 p.m.

CVE-2015-8562

2015-12-1621:59:06
CWE-20
[email protected]
web.nvd.nist.gov
6

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.972

Percentile

99.9%

JSON

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

Affected configurations

Nvd
Node
joomlajoomla\!Match1.5.0
OR
joomlajoomla\!Match1.5.1
OR
joomlajoomla\!Match1.5.2
OR
joomlajoomla\!Match1.5.3
OR
joomlajoomla\!Match1.5.4
OR
joomlajoomla\!Match1.5.6
OR
joomlajoomla\!Match1.5.7
OR
joomlajoomla\!Match1.5.8
OR
joomlajoomla\!Match1.5.9
OR
joomlajoomla\!Match1.5.10
OR
joomlajoomla\!Match1.5.11
OR
joomlajoomla\!Match1.5.12
OR
joomlajoomla\!Match1.5.13
OR
joomlajoomla\!Match1.5.14
OR
joomlajoomla\!Match1.5.15
OR
joomlajoomla\!Match1.5.16
OR
joomlajoomla\!Match1.5.17
OR
joomlajoomla\!Match1.5.18
OR
joomlajoomla\!Match1.5.19
OR
joomlajoomla\!Match1.5.20
OR
joomlajoomla\!Match1.5.21
OR
joomlajoomla\!Match1.5.22
OR
joomlajoomla\!Match1.5.23
OR
joomlajoomla\!Match1.5.24
OR
joomlajoomla\!Match1.5.25
OR
joomlajoomla\!Match1.5.26
OR
joomlajoomla\!Match1.6.0
OR
joomlajoomla\!Match1.6.1
OR
joomlajoomla\!Match1.6.2
OR
joomlajoomla\!Match1.6.3
OR
joomlajoomla\!Match1.6.4
OR
joomlajoomla\!Match1.6.5
OR
joomlajoomla\!Match1.6.6
OR
joomlajoomla\!Match1.7.0
OR
joomlajoomla\!Match1.7.1
OR
joomlajoomla\!Match1.7.2
OR
joomlajoomla\!Match1.7.3
OR
joomlajoomla\!Match1.7.4
OR
joomlajoomla\!Match1.7.5
OR
joomlajoomla\!Match2.5.0
OR
joomlajoomla\!Match2.5.1
OR
joomlajoomla\!Match2.5.2
OR
joomlajoomla\!Match2.5.3
OR
joomlajoomla\!Match2.5.4
OR
joomlajoomla\!Match2.5.5
OR
joomlajoomla\!Match2.5.6
OR
joomlajoomla\!Match2.5.7
OR
joomlajoomla\!Match2.5.8
OR
joomlajoomla\!Match2.5.9
OR
joomlajoomla\!Match2.5.10
OR
joomlajoomla\!Match2.5.11
OR
joomlajoomla\!Match2.5.12
OR
joomlajoomla\!Match2.5.13
OR
joomlajoomla\!Match2.5.14
OR
joomlajoomla\!Match2.5.15
OR
joomlajoomla\!Match2.5.16
OR
joomlajoomla\!Match2.5.17
OR
joomlajoomla\!Match2.5.18
OR
joomlajoomla\!Match2.5.19
OR
joomlajoomla\!Match2.5.20
OR
joomlajoomla\!Match2.5.21
OR
joomlajoomla\!Match2.5.22
OR
joomlajoomla\!Match2.5.23
OR
joomlajoomla\!Match2.5.24
OR
joomlajoomla\!Match2.5.25
OR
joomlajoomla\!Match2.5.26
OR
joomlajoomla\!Match2.5.27
OR
joomlajoomla\!Match2.5.28
OR
joomlajoomla\!Match3.0.0
OR
joomlajoomla\!Match3.0.1
OR
joomlajoomla\!Match3.0.2
OR
joomlajoomla\!Match3.0.3
OR
joomlajoomla\!Match3.1.0
OR
joomlajoomla\!Match3.1.1
OR
joomlajoomla\!Match3.1.2
OR
joomlajoomla\!Match3.1.3
OR
joomlajoomla\!Match3.1.4
OR
joomlajoomla\!Match3.1.5
OR
joomlajoomla\!Match3.1.6
OR
joomlajoomla\!Match3.2.0
OR
joomlajoomla\!Match3.2.1
OR
joomlajoomla\!Match3.2.2
OR
joomlajoomla\!Match3.2.3
OR
joomlajoomla\!Match3.2.4
OR
joomlajoomla\!Match3.3.0
OR
joomlajoomla\!Match3.3.1
OR
joomlajoomla\!Match3.3.2
OR
joomlajoomla\!Match3.3.3
OR
joomlajoomla\!Match3.3.4
OR
joomlajoomla\!Match3.4.0
OR
joomlajoomla\!Match3.4.1
OR
joomlajoomla\!Match3.4.2
OR
joomlajoomla\!Match3.4.3
OR
joomlajoomla\!Match3.4.4
OR
joomlajoomla\!Match3.4.5
VendorProductVersionCPE
joomlajoomla\!1.5.0cpe:2.3:a:joomla:joomla\!:1.5.0:*:*:*:*:*:*:*
joomlajoomla\!1.5.1cpe:2.3:a:joomla:joomla\!:1.5.1:*:*:*:*:*:*:*
joomlajoomla\!1.5.2cpe:2.3:a:joomla:joomla\!:1.5.2:*:*:*:*:*:*:*
joomlajoomla\!1.5.3cpe:2.3:a:joomla:joomla\!:1.5.3:*:*:*:*:*:*:*
joomlajoomla\!1.5.4cpe:2.3:a:joomla:joomla\!:1.5.4:*:*:*:*:*:*:*
joomlajoomla\!1.5.6cpe:2.3:a:joomla:joomla\!:1.5.6:*:*:*:*:*:*:*
joomlajoomla\!1.5.7cpe:2.3:a:joomla:joomla\!:1.5.7:*:*:*:*:*:*:*
joomlajoomla\!1.5.8cpe:2.3:a:joomla:joomla\!:1.5.8:*:*:*:*:*:*:*
joomlajoomla\!1.5.9cpe:2.3:a:joomla:joomla\!:1.5.9:*:*:*:*:*:*:*
joomlajoomla\!1.5.10cpe:2.3:a:joomla:joomla\!:1.5.10:*:*:*:*:*:*:*
Rows per page:
1-10 of 951

Related

checkpoint_advisories 1
saint 4
cvelist 1
openvas 2
exploitdb 2
joomla 1
prion 1
packetstorm 2
canvas 1
cve 1
nessus 4
threatpost 1
exploitpack 1
zdt 2
metasploit 1
freebsd 1
impervablog 1
checkpoint_advisories
checkpoint_advisories
Joomla Object Injection Remote Command Execution (CVE-2015-8562)
2015-12-15 00:00:00
saint
saint
Joomla User-Agent PHP object injection
2015-12-17 00:00:00
Joomla User-Agent PHP object injection
2015-12-17 00:00:00
Joomla User-Agent PHP object injection
2015-12-17 00:00:00
cvelist
cvelist
CVE-2015-8562
2015-12-16 21:00:00
openvas
openvas
Joomla! Core Remote Code Execution Vulnerability (Version Check)
2015-12-17 00:00:00
Joomla! Core RCE Vulnerability
2015-12-16 00:00:00
exploitdb
exploitdb
Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution
2015-12-15 00:00:00
Joomla! 1.5 < 3.4.6 - Object Injection 'x-forwarded-for' Header Remote Code Execution
2015-12-18 00:00:00
joomla
joomla
[20151201] - Core - Remote Code Execution Vulnerability
2015-12-13 00:00:00
prion
prion
Design/Logic Flaw
2015-12-16 21:59:00
packetstorm
packetstorm
Joomla 3.4.5 Object Injection
2015-12-31 00:00:00
Joomla HTTP Header Unauthenticated Remote Code Execution
2015-12-17 00:00:00
canvas
canvas
Immunity Canvas: JOOMLA_SESSION_UNSERIALIZE
2015-12-16 21:59:00
cve
cve
CVE-2015-8562
2015-12-16 21:59:06
nessus
nessus
Joomla! User-Agent Object Injection RCE
2016-01-29 00:00:00
Joomla! < 3.4.7 Multiple Vulnerabilities
2016-01-06 00:00:00
FreeBSD : joomla -- multiple vulnerabilities (a9f60ce8-a4e0-11e5-b864-14dae9d210b8)
2015-12-18 00:00:00
threatpost
threatpost
Threatlist: Hackers Turn to Python as Attack Coding Language of Choice
2018-09-27 20:08:07
exploitpack
exploitpack
Joomla! 1.5 3.4.5 - Object Injection x-forwarded-for Header Remote Code Execution
2015-12-18 00:00:00
zdt
zdt
Joomla 1.5 - 3.4.5 - HTTP Header Unauthenticated Remote Code Execution Exploit
2015-12-19 00:00:00
Joomla 1.5 - 3.4.5 - Object Injection RCE X-Forwarded-For Header Exploit
2015-12-18 00:00:00
metasploit
metasploit
Joomla HTTP Header Unauthenticated Remote Code Execution
2015-12-15 17:03:36
freebsd
freebsd
joomla -- multiple vulnerabilities
2015-12-14 00:00:00
impervablog
impervablog
The World’s Most Popular Coding Language Happens to be Most Hackers’ Weapon of Choice
2018-09-26 16:18:36

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.972

Percentile

99.9%

JSON
Related for NVD:CVE-2015-8562
checkpoint_advisories1saint4cvelist1openvas2exploitdb2joomla1prion1packetstorm2canvas1cve1nessus4threatpost1exploitpack1zdt2metasploit1freebsd1impervablog1