6.8

CVE-2015-3330

Exploit
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleLinux Version6
OracleLinux Version7
OracleSolaris Version11.2
ApplemacOS X Version <= 10.10.4
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
PhpPhp Version <= 5.4.39
PhpPhp Version5.5.0
PhpPhp Version5.5.0 Updatealpha1
PhpPhp Version5.5.0 Updatealpha2
PhpPhp Version5.5.0 Updatealpha3
PhpPhp Version5.5.0 Updatealpha4
PhpPhp Version5.5.0 Updatealpha5
PhpPhp Version5.5.0 Updatealpha6
PhpPhp Version5.5.0 Updatebeta1
PhpPhp Version5.5.0 Updatebeta2
PhpPhp Version5.5.0 Updatebeta3
PhpPhp Version5.5.0 Updatebeta4
PhpPhp Version5.5.0 Updaterc1
PhpPhp Version5.5.0 Updaterc2
PhpPhp Version5.5.1
PhpPhp Version5.5.2
PhpPhp Version5.5.3
PhpPhp Version5.5.4
PhpPhp Version5.5.5
PhpPhp Version5.5.6
PhpPhp Version5.5.7
PhpPhp Version5.5.8
PhpPhp Version5.5.9
PhpPhp Version5.5.10
PhpPhp Version5.5.11
PhpPhp Version5.5.12
PhpPhp Version5.5.13
PhpPhp Version5.5.14
PhpPhp Version5.5.18
PhpPhp Version5.5.19
PhpPhp Version5.5.20
PhpPhp Version5.5.21
PhpPhp Version5.5.22
PhpPhp Version5.5.23
PhpPhp Version5.6.0 Updatealpha1
PhpPhp Version5.6.0 Updatealpha2
PhpPhp Version5.6.0 Updatealpha3
PhpPhp Version5.6.0 Updatealpha4
PhpPhp Version5.6.0 Updatealpha5
PhpPhp Version5.6.0 Updatebeta1
PhpPhp Version5.6.0 Updatebeta2
PhpPhp Version5.6.0 Updatebeta3
PhpPhp Version5.6.0 Updatebeta4
PhpPhp Version5.6.2
PhpPhp Version5.6.3
PhpPhp Version5.6.4
PhpPhp Version5.6.5
PhpPhp Version5.6.6
PhpPhp Version5.6.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.08% 0.961
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Mailing List
https://support.apple.com/kb/HT205031
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Third Party Advisory
http://www.securitytracker.com/id/1033703
https://support.apple.com/HT205267
Third Party Advisory
http://php.net/ChangeLog-5.php
Patch
http://rhn.redhat.com/errata/RHSA-2015-1066.html
http://rhn.redhat.com/errata/RHSA-2015-1135.html
Third Party Advisory
https://security.gentoo.org/glsa/201606-10
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
http://www.ubuntu.com/usn/USN-2572-1
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html
http://rhn.redhat.com/errata/RHSA-2015-1186.html
http://rhn.redhat.com/errata/RHSA-2015-1187.html
Third Party Advisory
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7
http://openwall.com/lists/oss-security/2015/04/17/7
Third Party Advisory
http://www.securityfocus.com/bid/74204
https://bugs.php.net/bug.php?id=68486
Permissions Required
https://bugs.php.net/bug.php?id=69218
Exploit