CVE-2015-4147
HIGH severity · CVSS 7.5 · CWE-19
7.5CVSS HIGH
Summary
The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)48%
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://openwall.com/lists/oss-security/2015/06/01/4 ↗
Additional information
- NVD record
- http://openwall.com/lists/oss-security/2015/06/01/4Patch
- http://php.net/ChangeLog-5.phpPatch
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
- http://rhn.redhat.com/errata/RHSA-2015-1053.html
- http://rhn.redhat.com/errata/RHSA-2015-1066.html
- http://rhn.redhat.com/errata/RHSA-2015-1135.html
- http://rhn.redhat.com/errata/RHSA-2015-1218.html