Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2015-3412
HistoryMay 16, 2016 - 10:00 a.m.

CVE-2015-3412

2016-05-1610:00:00
mitre
www.cve.org

7.2 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.6%

JSON

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension.

Related

nvd 1
cve 1
prion 1
ubuntucve 1
f5 2
nessus 24
suse 5
openvas 19
ibm 5
veracode 8
ubuntu 1
redhat 5
osv 1
securityvulns 2
oraclelinux 4
debian 1
centos 2
rosalinux 1
nvd
nvd
CVE-2015-3412
2016-05-16 10:59:03
cve
cve
CVE-2015-3412
2016-05-16 10:59:03
prion
prion
Design/Logic Flaw
2016-05-16 10:59:00
ubuntucve
ubuntucve
CVE-2015-3412
2015-06-23 00:00:00
f5
f5
SOL17028 - PHP vulnerabilities CVE-2015-3411 and CVE-2015-3412
2015-08-03 00:00:00
K17028 : PHP vulnerabilities CVE-2015-3411 and CVE-2015-3412
2015-08-06 00:00:00
nessus
nessus
F5 Networks BIG-IP : PHP vulnerabilities (K17028)
2016-02-19 00:00:00
SUSE SLES11 Security Update : PHP (SUSE-SU-2015:1265-1)
2015-07-21 00:00:00
openSUSE Security Update : php5 (openSUSE-2015-471)
2015-07-07 00:00:00
suse
suse
Security update for php5 (important)
2015-07-06 10:05:40
Security update for PHP (important)
2015-07-17 20:09:41
Security update for php5 (important)
2015-07-17 10:12:10
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:1265-1)
2021-06-09 00:00:00
SUSE: Security Advisory for PHP (SUSE-SU-2015:1265-1)
2015-10-13 00:00:00
PHP Multiple Vulnerabilities - 03 (Jun 2015) - Windows
2015-06-17 00:00:00
ibm
ibm
Security Bulletin: IBM Tealeaf Customer Experience PCA Web UI PHP security issues
2018-06-16 19:50:01
Security Bulletin: Multiple vulnerabilities in php affect IBM Flex System Manger (FSM)
2019-01-31 02:10:01
Security Bulletin: Multiple vulnerabilities affect IBM Flex System Chassis Management Module
2019-01-31 02:25:02
veracode
veracode
Arbitrary File Write
2019-05-02 05:39:55
Improper Input Validation
2019-05-02 05:39:56
Denial Of Service (DoS)
2019-05-02 05:39:55
ubuntu
ubuntu
PHP vulnerabilities
2015-07-06 00:00:00
redhat
redhat
(RHSA-2015:1187) Important: rh-php56-php security update
2015-06-25 00:00:00
(RHSA-2015:1186) Important: php55-php security update
2015-06-25 00:00:00
(RHSA-2015:1218) Moderate: php security update
2015-07-09 00:00:00
osv
osv
php5 - security update
2015-09-07 00:00:00
securityvulns
securityvulns
[USN-2658-1] PHP vulnerabilities
2015-07-13 00:00:00
PHP multiple security vulnerabilities
2015-07-13 00:00:00
oraclelinux
oraclelinux
php55-php security update
2016-02-04 00:00:00
php security update
2015-07-09 00:00:00
php54 security and bug fix update
2016-02-04 00:00:00
debian
debian
[SECURITY] [DLA 307-1] php5 security update
2015-09-07 20:21:46
centos
centos
php security update
2015-07-09 19:23:41
php security update
2015-06-24 03:28:02
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45

7.2 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.6%

JSON
Related for CVELIST:CVE-2015-3412
nvd1cve1prion1ubuntucve1f52nessus24suse5openvas19ibm5veracode8ubuntu1redhat5osv1securityvulns2oraclelinux4debian1centos2rosalinux1