PRIOn knowledge basePRION:CVE-2016-7478Design/Logic Flaw
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.103 Low
EPSS
Percentile
94.8%
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
| CPE | Name | Operator | Version |
|---|---|---|---|
| php | eq | 5.6.1 | |
| php | eq | 5.5.36 | |
| php | eq | 5.5.0 alpha1 | |
| php | eq | 5.6.0 alpha5 | |
| php | eq | 5.5.0 alpha3 | |
| php | eq | 5.5.34 | |
| php | eq | 5.2.9 | |
| php | eq | 5.4.12 rc1 | |
| php | eq | 5.3.10 | |
| php | eq | 7.0.11 |
References
www.securityfocus.com/bid/95150
blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7
blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf
bugs.php.net/bug.php?id=73093
security.netapp.com/advisory/ntap-20180112-0001/
www.youtube.com/watch?v=LDcaPstAuPk
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.103 Low
EPSS
Percentile
94.8%