Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-9253
HistoryFeb 19, 2018 - 12:00 a.m.

CVE-2015-9253

2018-02-1900:00:00
ubuntu.com
ubuntu.com
31

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.006 Low

EPSS

Percentile

78.2%

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before
7.2.8, and before 7.1.20. The php-fpm master process restarts a child
process in an endless loop when using program execution functions (e.g.,
passthru, exec, shell_exec, or system) with a non-blocking STDIN stream,
causing this master process to consume 100% of the CPU, and consume disk
space with a large volume of error logs, as demonstrated by an attack by a
customer of a shared-hosting facility.

Bugs

Notes

Author Note
leosilva in 7.0 upstream patch caused a regression according with upstream that is the possible the missing patch: https://github.com/php/php-src/commit/cc5c51e7f0732067f105d13c6d355fcab5965c2f
rodrigo-zaiden php7.0 for xenial was released with above patch.
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchphp5< 5.5.9+dfsg-1ubuntu4.29+esm10UNKNOWN
ubuntu16.04noarchphp7.0< 7.0.33-0ubuntu0.16.04.16+esm3UNKNOWN
ubuntu18.04noarchphp7.2< 7.2.10-0ubuntu0.18.04.1UNKNOWN
ubuntu18.10noarchphp7.2< 7.2.10-0ubuntu1UNKNOWN
ubuntu19.04noarchphp7.2< 7.2.10-0ubuntu1UNKNOWN

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.006 Low

EPSS

Percentile

78.2%