Lucene search

[email protected]CVE-2015-4147

HistoryJun 09, 2015 - 6:59 p.m.

CVE-2015-4147

2015-06-0918:59:09

CWE-19

[email protected]

web.nvd.nist.gov

114

cve-2015-4147

soapclient

php

code execution

remote attack

type confusion

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.133 Low

EPSS

Percentile

95.6%

JSON

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a “type confusion” issue.

Affected configurations

NVD

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_hpc_node_eusMatch7.1

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_eusMatch7.1

redhatenterprise_linux_workstationMatch7.0

Node

applemac_os_xRange≤10.10.4

Node

phpphpRange≤5.4.38

phpphpMatch5.5.0

phpphpMatch5.5.0alpha1

phpphpMatch5.5.0alpha2

phpphpMatch5.5.0alpha3

phpphpMatch5.5.0alpha4

phpphpMatch5.5.0alpha5

phpphpMatch5.5.0alpha6

phpphpMatch5.5.0beta1

phpphpMatch5.5.0beta2

phpphpMatch5.5.0beta3

phpphpMatch5.5.0beta4

phpphpMatch5.5.0rc1

phpphpMatch5.5.0rc2

phpphpMatch5.5.1

phpphpMatch5.5.2

phpphpMatch5.5.3

phpphpMatch5.5.4

phpphpMatch5.5.5

phpphpMatch5.5.6

phpphpMatch5.5.7

phpphpMatch5.5.8

phpphpMatch5.5.9

phpphpMatch5.5.10

phpphpMatch5.5.11

phpphpMatch5.5.12

phpphpMatch5.5.13

phpphpMatch5.5.14

phpphpMatch5.5.18

phpphpMatch5.5.19

phpphpMatch5.5.20

phpphpMatch5.5.21

phpphpMatch5.5.22

phpphpMatch5.6.0alpha1

phpphpMatch5.6.0alpha2

phpphpMatch5.6.0alpha3

phpphpMatch5.6.0alpha4

phpphpMatch5.6.0alpha5

phpphpMatch5.6.0beta1

phpphpMatch5.6.0beta2

phpphpMatch5.6.0beta3

phpphpMatch5.6.0beta4

phpphpMatch5.6.2

phpphpMatch5.6.3

phpphpMatch5.6.4

phpphpMatch5.6.5

phpphpMatch5.6.6

CPENameOperatorVersion
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq7.0
redhat:enterprise_linux_hpc_noderedhat enterprise linux hpc nodeeq7.0
redhat:enterprise_linux_hpc_node_eusredhat enterprise linux hpc node euseq7.1
redhat:enterprise_linux_serverredhat enterprise linux servereq7.0
redhat:enterprise_linux_server_eusredhat enterprise linux server euseq7.1
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq7.0

CPE	Name	Operator	Version
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	7.0
redhat:enterprise_linux_hpc_node	redhat enterprise linux hpc node	eq	7.0
redhat:enterprise_linux_hpc_node_eus	redhat enterprise linux hpc node eus	eq	7.1
redhat:enterprise_linux_server	redhat enterprise linux server	eq	7.0
redhat:enterprise_linux_server_eus	redhat enterprise linux server eus	eq	7.1
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	7.0