Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-4601
HistoryJun 23, 2015 - 12:00 a.m.

CVE-2015-4601

2015-06-2300:00:00
ubuntu.com
ubuntu.com
25

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.133

Percentile

95.6%

PHP before 5.6.7 might allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via an unexpected
data type, related to “type confusion” issues in (1)
ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c,
a different issue than CVE-2015-4600.

Bugs

Notes

Author Note
mdeslaur commit already in CVE-2015-4147
OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchphp5< 5.3.10-1ubuntu3.19UNKNOWN
ubuntu14.04noarchphp5< 5.5.9+dfsg-1ubuntu4.11UNKNOWN
ubuntu14.10noarchphp5< 5.5.12+dfsg-2ubuntu4.6UNKNOWN
ubuntu15.04noarchphp5< 5.6.4+dfsg-4ubuntu6.2UNKNOWN

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.133

Percentile

95.6%