Lucene search
F5F5:K17503HistoryOct 29, 2015 - 12:00 a.m.
K17503 : PHP vulnerabilities CVE-2015-7803 and CVE-2015-7804
2015-10-2900:00:00
my.f5.com
44
Security Advisory Description
A NULL pointer dereference flaw was found in the way PHP’s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash.
An uninitialized pointer use flaw was found in the phar_make_dirstream() function of PHP’s Phar extension. A specially crafted phar file in the ZIP format with a directory entry with a file name “/ZIP” could cause a PHP application function to crash.
Impact
None. F5 products are not affected by this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.3.0 | |
| big-ip afm | eq | 11.4.0 | |
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.0 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.6.0 | |
| big-ip afm | eq | 12.0.0 | |
| big-ip analytics | eq | 11.0.0 |
Related
nessus
nessus
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2786-1)
2015-10-29 00:00:00
PHP 5.6.x < 5.6.14 Multiple Vulnerabilities
2015-10-06 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2015-10-28 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3380-1)
2015-10-26 00:00:00
Ubuntu: Security Advisory (USN-2786-1)
2015-10-29 00:00:00
PHP Multiple Denial of Service Vulnerabilities - 01 (Dec 2015) - Linux
2015-12-15 00:00:00
debian
debian
[SECURITY] [DSA 3380-1] php5 security update
2015-10-27 18:43:43
[SECURITY] [DLA 341-1] php5 security update
2015-11-08 18:51:20
f5
f5
SOL17503 - PHP vulnerabilities CVE-2015-7803 and CVE-2015-7804
2015-10-29 00:00:00
securityvulns
securityvulns
PHP security vulnerabilities
2015-11-02 00:00:00
[USN-2786-1] PHP vulnerabilities
2015-11-02 00:00:00
freebsd
freebsd
php -- multiple vulnerabilities
2015-10-01 00:00:00
osv
osv
php5 - security update
2015-10-27 00:00:00
php5 - security update
2015-11-08 00:00:00
slackware
slackware
[slackware-security] php
2016-02-04 00:07:13
ubuntucve
ubuntucve
CVE-2015-7804
2015-10-12 00:00:00
CVE-2015-7803
2015-10-12 00:00:00
nvd
nvd
CVE-2015-7804
2015-12-11 12:00:12
CVE-2015-7803
2015-12-11 12:00:11
prion
prion
Null pointer dereference
2015-12-11 12:00:00
Null pointer dereference
2015-12-11 12:00:00
cve
cve
CVE-2015-7803
2015-12-11 12:00:11
CVE-2015-7804
2015-12-11 12:00:12
hackerone
hackerone
Internet Bug Bounty: Null pointer dereference in phar_get_fp_offset()
2015-05-28 00:00:00
Internet Bug Bounty: Uninitialized pointer in phar_make_dirstream
2015-09-05 00:00:00
cvelist
cvelist
CVE-2015-7804
2015-12-11 11:00:00
CVE-2015-7803
2015-12-11 11:00:00
amazon
amazon
Medium: php55
2015-10-20 14:52:00
Medium: php56
2015-10-20 14:50:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:27:42
Path Traversal
2019-05-02 05:27:42
Use After Free
2019-05-02 05:27:42
redhat
redhat
(RHSA-2016:0457) Moderate: rh-php56-php security update
2016-03-15 00:00:00
suse
suse
Security update for php53 (important)
2016-04-25 19:08:08
Security update for php53 (important)
2016-06-14 20:07:58
Security update for php53 (important)
2016-06-21 13:08:17
gentoo
gentoo
PHP: Multiple vulnerabilities
2016-06-19 00:00:00
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45