CVE-2016-7478

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.

References

http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7

http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf

http://www.securityfocus.com/bid/95150

https://bugs.php.net/bug.php?id=73093

https://security.netapp.com/advisory/ntap-20180112-0001/

https://www.youtube.com/watch?v=LDcaPstAuPk

Details

Source: MITRE

Published: 2017-01-11

Updated: 2018-01-14

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.26:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.27:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.28:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.26:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.27:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.28:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.29:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.30:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.34:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.35:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.37:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.38:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.39:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.41:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.42:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.43:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.44:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.45:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.28:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.29:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.30:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.31:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.32:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.33:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.34:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.35:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.36:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.37:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.26:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.6.27:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*

Tenable Plugins

View all (15 total)

IDNameProductFamilySeverity
124998EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1545)NessusHuawei Local Security Checks
critical
98837PHP 7.0.x < 7.0.13 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
high
98818PHP 5.6.x < 5.6.28 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
high
119994SUSE SLES12 Security Update : php5 (SUSE-SU-2017:0556-1)NessusSuSE Local Security Checks
critical
119993SUSE SLES12 Security Update : php7 (SUSE-SU-2017:0534-1)NessusSuSE Local Security Checks
critical
99915EulerOS 2.0 SP2 : php (EulerOS-SA-2017-1068)NessusHuawei Local Security Checks
high
99914EulerOS 2.0 SP1 : php (EulerOS-SA-2017-1067)NessusHuawei Local Security Checks
high
99003Debian DLA-875-1 : php5 security updateNessusDebian Local Security Checks
critical
97563openSUSE Security Update : php7 (openSUSE-2017-304)NessusSuSE Local Security Checks
critical
97431SUSE SLES11 Security Update : php53 (SUSE-SU-2017:0568-1)NessusSuSE Local Security Checks
critical
97190Ubuntu 12.04 LTS / 14.04 LTS : php5 vulnerabilities (USN-3196-1)NessusUbuntu Local Security Checks
critical
96292FreeBSD : PHP -- multiple vulnerabilities (1b61ecef-cdb9-11e6-a9a5-b499baebfeaf)NessusFreeBSD Local Security Checks
critical
9809PHP 5.6.x < 5.6.28 / 7.0.x < 7.0.13 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
critical
94956PHP 7.0.x < 7.0.13 Multiple VulnerabilitiesNessusCGI abuses
high
94955PHP 5.6.x < 5.6.28 Multiple VulnerabilitiesNessusCGI abuses
high