Lucene search

K

MicrofocusCVELIST:CVE-2016-3185

HistoryMay 16, 2016 - 10:00 a.m.

CVE-2016-3185

2016-05-1610:00:00

microfocus

www.cve.org

1

8.1 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.6%

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.

References

lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html

php.net/ChangeLog-5.php

php.net/ChangeLog-7.php

www.securityfocus.com/bid/84307

www.ubuntu.com/usn/USN-2952-1

www.ubuntu.com/usn/USN-2952-2

bugs.php.net/bug.php?id=70081

bugs.php.net/bug.php?id=71610

git.php.net/?p=php-src.git%3Ba=commit%3Bh=eaf4e77190d402ea014207e9a7d5da1a4f3727ba

8.1 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.6%

Related for CVELIST:CVE-2016-3185

f52 openvas14 debiancve1 prion1 cve1 nvd1 ubuntucve2 nessus20 suse6 ubuntu2 ibm1 rosalinux1