CVE-2015-0231

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.

References

http://advisories.mageia.org/MGASA-2015-0040.html

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html

http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html

http://marc.info/?l=bugtraq&m=143403519711434&w=2

http://marc.info/?l=bugtraq&m=143748090628601&w=2

http://marc.info/?l=bugtraq&m=144050155601375&w=2

http://rhn.redhat.com/errata/RHSA-2015-1053.html

http://rhn.redhat.com/errata/RHSA-2015-1066.html

http://rhn.redhat.com/errata/RHSA-2015-1135.html

http://www.debian.org/security/2015/dsa-3195

http://www.mandriva.com/security/advisories?name=MDVSA-2015:032

http://www.mandriva.com/security/advisories?name=MDVSA-2015:079

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.php.net/ChangeLog-5.php

http://www.securityfocus.com/bid/72539

https://bugs.php.net/bug.php?id=68710

https://bugzilla.redhat.com/show_bug.cgi?id=1185397

https://github.com/php/php-src/commit/b585a3aed7880a5fa5c18e2b838fc96f40e075bd

https://security.gentoo.org/glsa/201503-03

https://security.gentoo.org/glsa/201606-10

https://support.apple.com/HT205267

Details

Source: MITRE

Published: 2015-01-27

Updated: 2016-12-31

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.26:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.27:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.28:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.29:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.30:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.34:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.35:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.4.36 (inclusive)

cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*

Tenable Plugins

View all (38 total)

IDNameProductFamilySeverity
124997EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)NessusHuawei Local Security Checks
critical
98830PHP 5.6.x < 5.6.7 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
98828PHP 5.6.x < 5.6.5 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
119961SUSE SLES12 Security Update : php5 (SUSE-SU-2015:0365-1)NessusSuSE Local Security Checks
critical
93161SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)NessusSuSE Local Security Checks
critical
91704GLSA-201606-10 : PHP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
8982Mac OS X < 10.11 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
86270Mac OS X < 10.11 Multiple Vulnerabilities (GHOST)NessusMacOS X Local Security Checks
critical
84923HP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK)NessusWeb Servers
high
84394Scientific Linux Security Update : php on SL7.x x86_64 (20150623)NessusScientific Linux Local Security Checks
critical
84355RHEL 7 : php (RHSA-2015:1135)NessusRed Hat Local Security Checks
critical
84351Oracle Linux 7 : php (ELSA-2015-1135)NessusOracle Linux Local Security Checks
critical
84345CentOS 7 : php (CESA-2015:1135)NessusCentOS Local Security Checks
critical
82923Slackware 14.0 / 14.1 / current : php (SSA:2015-111-10)NessusSlackware Local Security Checks
high
82836Amazon Linux AMI : php56 (ALAS-2015-508)NessusAmazon Linux Local Security Checks
high
82835Amazon Linux AMI : php55 (ALAS-2015-507)NessusAmazon Linux Local Security Checks
high
82834Amazon Linux AMI : php54 (ALAS-2015-506)NessusAmazon Linux Local Security Checks
high
8681PHP 5.4.x < 5.4.39 / 5.5.x < 5.5.23 / 5.6.x < 5.6.7 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
82514FreeBSD : Several vulnerabilities found in PHP (742563d4-d776-11e4-b595-4061861086c1)NessusFreeBSD Local Security Checks
critical
82333Mandriva Linux Security Advisory : php (MDVSA-2015:080)NessusMandriva Local Security Checks
high
82332Mandriva Linux Security Advisory : php (MDVSA-2015:079)NessusMandriva Local Security Checks
high
82027PHP 5.6.x < 5.6.7 Multiple VulnerabilitiesNessusCGI abuses
critical
82026PHP 5.5.x < 5.5.23 Multiple VulnerabilitiesNessusCGI abuses
critical
82025PHP 5.4.x < 5.4.39 Multiple VulnerabilitiesNessusCGI abuses
critical
81926Debian DSA-3195-1 : php5 - security updateNessusDebian Local Security Checks
high
81688GLSA-201503-03 : PHP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
8615PHP 5.4.x < 5.4.37 / 5.5.x < 5.5.21 / 5.6.x < 5.6.5 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
81507SuSE 11.3 Security Update : php53 (SAT Patch Number 10313)NessusSuSE Local Security Checks
high
81418openSUSE Security Update : php5 (openSUSE-2015-163)NessusSuSE Local Security Checks
critical
81399Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : php5 vulnerabilities (USN-2501-1)NessusUbuntu Local Security Checks
high
81321Amazon Linux AMI : php54 (ALAS-2015-475)NessusAmazon Linux Local Security Checks
high
81320Amazon Linux AMI : php55 (ALAS-2015-474)NessusAmazon Linux Local Security Checks
high
81198Mandriva Linux Security Advisory : php (MDVSA-2015:032)NessusMandriva Local Security Checks
high
81191Fedora 20 : php-5.5.21-1.fc20 (2015-1101)NessusFedora Local Security Checks
high
81190Fedora 21 : php-5.6.5-1.fc21 (2015-1058)NessusFedora Local Security Checks
high
81082PHP 5.6.x < 5.6.5 Multiple VulnerabilitiesNessusCGI abuses
critical
81081PHP 5.5.x < 5.5.21 Multiple VulnerabilitiesNessusCGI abuses
critical
81080PHP 5.4.x < 5.4.37 Multiple VulnerabilitiesNessusCGI abuses
high