CVE-2015-4601

Published: May 16, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.

Affected (7)

Products: Redhat: Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Hpc Node Eus, Enterprise Linux Server, Enterprise Linux Server Eus, Enterprise Linux Workstation · Php: Php

6 products

Enterprise Linux Desktop

Enterprise Linux Hpc Node

Enterprise Linux Hpc Node Eus

Enterprise Linux Server

Enterprise Linux Server Eus

Enterprise Linux Workstation

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Hpc Node	Version 7.0
Redhat Enterprise Linux Hpc Node Eus	Version 7.1
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Eus	Version 7.1
Redhat Enterprise Linux Workstation	Version 7.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Php Php	Up to 5.6.6

References (16)

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0c136a2abd49298b66acb0cad504f0f972f5bfe8

Source: secalert@redhat.com

http://php.net/ChangeLog-5.php

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-1135.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-1218.html

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2015/06/16/12

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/75246

Source: secalert@redhat.com

http://www.securitytracker.com/id/1032709

Source: secalert@redhat.com

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0c136a2abd49298b66acb0cad504f0f972f5bfe8

Source: af854a3a-2127-422b-91ae-364da2661108

http://php.net/ChangeLog-5.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-1135.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-1218.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2015/06/16/12

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/75246

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032709

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.