9.8

CVE-2015-8835

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.

Data is provided by the National Vulnerability Database (NVD)
PhpPhp Version5.6.0 Updatealpha1
PhpPhp Version5.6.0 Updatealpha2
PhpPhp Version5.6.0 Updatealpha3
PhpPhp Version5.6.0 Updatealpha4
PhpPhp Version5.6.0 Updatealpha5
PhpPhp Version5.6.0 Updatebeta1
PhpPhp Version5.6.0 Updatebeta2
PhpPhp Version5.6.0 Updatebeta3
PhpPhp Version5.6.0 Updatebeta4
PhpPhp Version5.6.1
PhpPhp Version5.6.2
PhpPhp Version5.6.3
PhpPhp Version5.6.4
PhpPhp Version5.6.5
PhpPhp Version5.6.6
PhpPhp Version5.6.7
PhpPhp Version5.6.8
PhpPhp Version5.6.9
PhpPhp Version5.6.10
PhpPhp Version5.6.11
PhpPhp Version5.5.0
PhpPhp Version5.5.0 Updatealpha1
PhpPhp Version5.5.0 Updatealpha2
PhpPhp Version5.5.0 Updatealpha3
PhpPhp Version5.5.0 Updatealpha4
PhpPhp Version5.5.0 Updatealpha5
PhpPhp Version5.5.0 Updatealpha6
PhpPhp Version5.5.0 Updatebeta1
PhpPhp Version5.5.0 Updatebeta2
PhpPhp Version5.5.0 Updatebeta3
PhpPhp Version5.5.0 Updatebeta4
PhpPhp Version5.5.0 Updaterc1
PhpPhp Version5.5.0 Updaterc2
PhpPhp Version5.5.1
PhpPhp Version5.5.2
PhpPhp Version5.5.3
PhpPhp Version5.5.4
PhpPhp Version5.5.5
PhpPhp Version5.5.6
PhpPhp Version5.5.7
PhpPhp Version5.5.8
PhpPhp Version5.5.9
PhpPhp Version5.5.10
PhpPhp Version5.5.11
PhpPhp Version5.5.12
PhpPhp Version5.5.13
PhpPhp Version5.5.14
PhpPhp Version5.5.15
PhpPhp Version5.5.16
PhpPhp Version5.5.17
PhpPhp Version5.5.18
PhpPhp Version5.5.19
PhpPhp Version5.5.20
PhpPhp Version5.5.21
PhpPhp Version5.5.22
PhpPhp Version5.5.23
PhpPhp Version5.5.24
PhpPhp Version5.5.25
PhpPhp Version5.5.26
PhpPhp Version5.5.27
PhpPhp Version <= 5.4.43
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 4.05% 0.881
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P