CVE-2015-8835

2015-12-3100:00:00

ubuntu.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.101 Low

EPSS

Percentile

94.8%

JSON

The make_http_soap_request function in ext/soap/php_http.c in PHP before
5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly
retrieve keys, which allows remote attackers to cause a denial of service
(NULL pointer dereference, type confusion, and application crash) or
possibly execute arbitrary code via crafted serialized data representing a
numerically indexed _cookies array, related to the SoapClient::__call
method in ext/soap/soap.c.

Bugs

<https://bugs.php.net/bug.php?id=70081>

Notes

Author	Note
sbeattie	upstream fixed in 5.6.12, 5.5.28, and 5.4.44
mdeslaur	This CVE is for the first part of the fix, and the first part listed in the bug. See CVE-2016-3185 for the second part.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchphp5< 5.3.10-1ubuntu3.22UNKNOWN
ubuntu14.04noarchphp5< 5.5.9+dfsg-1ubuntu4.16UNKNOWN
ubuntu15.10noarchphp5< 5.6.11+dfsg-1ubuntu3.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	php5	< 5.3.10-1ubuntu3.22	UNKNOWN
ubuntu	14.04	noarch	php5	< 5.5.9+dfsg-1ubuntu4.16	UNKNOWN
ubuntu	15.10	noarch	php5	< 5.6.11+dfsg-1ubuntu3.2	UNKNOWN