5

CVE-2015-4024

Exploit
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
ApplemacOS X Version <= 10.10.4
PhpPhp Version <= 5.4.40
PhpPhp Version5.4.39
PhpPhp Version5.5.0
PhpPhp Version5.5.0 Updatealpha1
PhpPhp Version5.5.0 Updatealpha2
PhpPhp Version5.5.0 Updatealpha3
PhpPhp Version5.5.0 Updatealpha4
PhpPhp Version5.5.0 Updatealpha5
PhpPhp Version5.5.0 Updatealpha6
PhpPhp Version5.5.0 Updatebeta1
PhpPhp Version5.5.0 Updatebeta2
PhpPhp Version5.5.0 Updatebeta3
PhpPhp Version5.5.0 Updatebeta4
PhpPhp Version5.5.0 Updaterc1
PhpPhp Version5.5.0 Updaterc2
PhpPhp Version5.5.1
PhpPhp Version5.5.2
PhpPhp Version5.5.3
PhpPhp Version5.5.4
PhpPhp Version5.5.5
PhpPhp Version5.5.6
PhpPhp Version5.5.7
PhpPhp Version5.5.8
PhpPhp Version5.5.9
PhpPhp Version5.5.10
PhpPhp Version5.5.11
PhpPhp Version5.5.12
PhpPhp Version5.5.13
PhpPhp Version5.5.14
PhpPhp Version5.5.18
PhpPhp Version5.5.19
PhpPhp Version5.5.20
PhpPhp Version5.5.21
PhpPhp Version5.5.22
PhpPhp Version5.5.23
PhpPhp Version5.5.24
PhpPhp Version5.6.0 Updatealpha1
PhpPhp Version5.6.0 Updatealpha2
PhpPhp Version5.6.0 Updatealpha3
PhpPhp Version5.6.0 Updatealpha4
PhpPhp Version5.6.0 Updatealpha5
PhpPhp Version5.6.0 Updatebeta1
PhpPhp Version5.6.0 Updatebeta2
PhpPhp Version5.6.0 Updatebeta3
PhpPhp Version5.6.0 Updatebeta4
PhpPhp Version5.6.2
PhpPhp Version5.6.3
PhpPhp Version5.6.4
PhpPhp Version5.6.5
PhpPhp Version5.6.6
PhpPhp Version5.6.7
PhpPhp Version5.6.8
HpSystem Management Homepage Version <= 7.5.3.1
OracleLinux Version6
OracleLinux Version7
OracleSolaris Version11.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 50.13% 0.988
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT205031
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Third Party Advisory
http://php.net/ChangeLog-5.php
Patch
http://rhn.redhat.com/errata/RHSA-2015-1135.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1218.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1186.html
http://rhn.redhat.com/errata/RHSA-2015-1187.html
Third Party Advisory
http://www.debian.org/security/2015/dsa-3280
http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html
http://rhn.redhat.com/errata/RHSA-2015-1219.html
http://www.securityfocus.com/bid/74903
http://www.securitytracker.com/id/1032432
https://bugs.php.net/bug.php?id=69364
Patch
Exploit