10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
9.7 High
AI Score
Confidence
High
0.201 Low
EPSS
Percentile
96.4%
It was discovered that the PHP phar extension incorrectly handled certain
files. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service. (CVE-2015-5589)
It was discovered that the PHP phar extension incorrectly handled certain
filepaths. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-5590)
Taoguang Chen discovered that PHP incorrectly handled unserializing
objects. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-6831, CVE-2015-6834, CVE-2015-6835
Sean Heelan discovered that PHP incorrectly handled unserializing
objects. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-6832)
It was discovered that the PHP phar extension incorrectly handled certain
archives. A remote attacker could use this issue to cause files to be
placed outside of the destination directory. (CVE-2015-6833)
Andrea Palazzo discovered that the PHP Soap client incorrectly validated
data types. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-6836)
It was discovered that the PHP XSLTProcessor class incorrectly handled
certain data. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service. (CVE-2015-6837)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 15.04 | noarch | libapache2-mod-php5 | < 5.6.4+dfsg-4ubuntu6.3 | UNKNOWN |
Ubuntu | 15.04 | noarch | libapache2-mod-php5-dbgsym | < 5.6.4+dfsg-4ubuntu6.3 | UNKNOWN |
Ubuntu | 15.04 | noarch | libapache2-mod-php5filter | < 5.6.4+dfsg-4ubuntu6.3 | UNKNOWN |
Ubuntu | 15.04 | noarch | libapache2-mod-php5filter-dbgsym | < 5.6.4+dfsg-4ubuntu6.3 | UNKNOWN |
Ubuntu | 15.04 | noarch | libphp5-embed | < 5.6.4+dfsg-4ubuntu6.3 | UNKNOWN |
Ubuntu | 15.04 | noarch | libphp5-embed-dbgsym | < 5.6.4+dfsg-4ubuntu6.3 | UNKNOWN |
Ubuntu | 15.04 | noarch | php-pear | < 5.6.4+dfsg-4ubuntu6.3 | UNKNOWN |
Ubuntu | 15.04 | noarch | php5 | < 5.6.4+dfsg-4ubuntu6.3 | UNKNOWN |
Ubuntu | 15.04 | noarch | php5-cgi | < 5.6.4+dfsg-4ubuntu6.3 | UNKNOWN |
Ubuntu | 15.04 | noarch | php5-cgi-dbgsym | < 5.6.4+dfsg-4ubuntu6.3 | UNKNOWN |
ubuntu.com/security/CVE-2015-5589
ubuntu.com/security/CVE-2015-5590
ubuntu.com/security/CVE-2015-6831
ubuntu.com/security/CVE-2015-6832
ubuntu.com/security/CVE-2015-6833
ubuntu.com/security/CVE-2015-6834
ubuntu.com/security/CVE-2015-6835
ubuntu.com/security/CVE-2015-6836
ubuntu.com/security/CVE-2015-6837
ubuntu.com/security/CVE-2015-6838
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
9.7 High
AI Score
Confidence
High
0.201 Low
EPSS
Percentile
96.4%