Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2015-8617
HistoryJan 19, 2016 - 5:59 a.m.

CVE-2015-8617

2016-01-1905:59:07
CWE-134
mitre
web.nvd.nist.gov
42
cve-2015-8617
format string vulnerability
zend_throw_or_error
php 7.x
nvd

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.176

Percentile

96.2%

JSON

Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.

Affected configurations

Nvd
Node
phpphpMatch7.0.1
VendorProductVersionCPE
phpphp7.0.1cpe:/a:php:php:7.0.1:::

Related

prion 1
cvelist 1
zdt 1
nvd 1
ubuntucve 1
debiancve 1
openvas 2
nessus 3
kaspersky 2
prion
prion
Format string
2016-01-19 05:59:00
cvelist
cvelist
CVE-2015-8617
2016-01-19 02:00:00
zdt
zdt
PHP 7.0.0 - Format String
2015-12-23 00:00:00
nvd
nvd
CVE-2015-8617
2016-01-19 05:59:07
ubuntucve
ubuntucve
CVE-2015-8617
2016-01-19 00:00:00
debiancve
debiancve
CVE-2015-8617
2016-01-19 05:59:00
openvas
openvas
PHP Multiple Vulnerabilities - 02 (Mar 2016) - Windows
2016-03-01 00:00:00
PHP Multiple Vulnerabilities - 02 (Mar 2016) - Linux
2016-03-01 00:00:00
nessus
nessus
PHP 7.0.x < 7.0.1 Multiple Vulnerabilities
2019-01-09 00:00:00
PHP 7.0.x < 7.0.1 Multiple Vulnerabilities
2015-12-22 00:00:00
PHP 7.0.x < 7.0.1 Multiple Vulnerabilities
2016-01-29 00:00:00
kaspersky
kaspersky
KLA10746 Multiple vulnerabilities in PHP
2016-01-19 00:00:00
KLA10747 Obsolete PHP version in XAMPP & WAMP
2016-01-19 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.176

Percentile

96.2%

JSON
Related for CVE-2015-8617
prion1cvelist1zdt1nvd1ubuntucve1debiancve1openvas2nessus3kaspersky2