CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2015-6831 – php: Use After Free Vulnerability in unserialize()
https://notcve.org/view.php?id=CVE-2015-6831
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization. Múltiples vulnerabilidades de uso después de liberación de memoria en SPL en PHP en versiones anteriores a 5.4.44, 5.5.x en versiones anteriores a 5.5.28 y 5.6.x en versiones anteriores a 5.6.12 permiten a atacantes remotos ejecutar código arbitrario involucrando vectores (1) ArrayObject, (2) SplObjectStorage y (3) SplDoublyLinkedList, los cuales no son manejados adecuadamente durante la deserialización. A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • http://www.debian.org/security/2015/dsa-3344 http://www.openwall.com/lists/oss-security/2015/08/19/3 http://www.php.net/ChangeLog-5.php http://www.securityfocus.com/bid/76737 https://bugs.php.net/bug.php?id=70155 https://bugs.php.net/bug.php?id=70166 https://bugs.php.net/bug.php?id=70168 https://bugs.php.net/bug.php?id=70169 https://security.gentoo.org/glsa/201606-10 https://access.redhat.com/security/cve/CVE-2015-6831 https://bugzilla.r • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 58EXPL: 0CVE-2015-6832 – php: dangling pointer in the unserialization of ArrayObject items
https://notcve.org/view.php?id=CVE-2015-6832
Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field. Vulnerabilidad de uso después de liberación de memoria en la implementación de SPL unserialize en ext/spl/spl_array.c en PHP en versiones anteriores a 5.4.44, 5.5.x en versiones anteriores a 5.5.28 y 5.6.x en versiones anteriores a 5.6.12 permite a atacantes remotos ejecutar código arbitrario a través de datos serializados manipulados que desencadenan un uso incorrecto de un campo array. A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • http://www.debian.org/security/2015/dsa-3344 http://www.php.net/ChangeLog-5.php https://bugs.php.net/bug.php?id=70068 https://security.gentoo.org/glsa/201606-10 https://access.redhat.com/security/cve/CVE-2015-6832 https://bugzilla.redhat.com/show_bug.cgi?id=1256322 •
CVSS: 7.5EPSS: 0%CPEs: 58EXPL: 0CVE-2015-6833 – php: Files from archive can be extracted outside of destination directory using phar
https://notcve.org/view.php?id=CVE-2015-6833
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call. Vulnerabilidad de salto de directorio en la clase PharData en PHP en versiones anteriores a 5.4.44, 5.5.x en versiones anteriores a 5.5.28 y 5.6.x en versiones anteriores a 5.6.12 permite a atacantes remotos escribir a archivos arbitrarios a través de .. (punto punto) en una entrada de archivo ZIP que es manejada incorrectamente durante una llamada extractTo. A flaw was found in the way the way PHP's Phar extension parsed Phar archives. • http://www.debian.org/security/2015/dsa-3344 http://www.openwall.com/lists/oss-security/2015/08/19/3 http://www.php.net/ChangeLog-5.php https://bugs.php.net/bug.php?id=70019 https://security.gentoo.org/glsa/201606-10 https://access.redhat.com/security/cve/CVE-2015-6833 https://bugzilla.redhat.com/show_bug.cgi?id=1283702 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 9%CPEs: 63EXPL: 2CVE-2015-6835 – PHP Session Deserializer - Use-After-Free
https://notcve.org/view.php?id=CVE-2015-6835
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content. La sesión deserializer en PHP en versiones anteriores a 5.4.45, 5.5.x en versiones anteriores a 5.5.29 y 5.6.x en versiones anteriores a 5.6.13 no es correctamente manejada en llamadas multiples php_var_unserialize, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación del servicio (uso después de liberación de memoria) a través de una sesión de contenido manipulada. A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • https://www.exploit-db.com/exploits/38123 https://github.com/ockeghem/CVE-2015-6835-checker http://php.net/ChangeLog-5.php http://www.debian.org/security/2015/dsa-3358 http://www.securityfocus.com/bid/76734 http://www.securitytracker.com/id/1033548 https://bugs.php.net/bug.php?id=70219 https://security.gentoo.org/glsa/201606-10 https://access.redhat.com/security/cve/CVE-2015-6835 https://bugzilla.redhat.com/show_bug.cgi?id=1260647 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 2%CPEs: 60EXPL: 0CVE-2015-6836 – php: SOAP serialize_function_call() type confusion
https://notcve.org/view.php?id=CVE-2015-6836
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function. El método SoapClient __call en ext/soap/soap.c en PHP en versiones anteriores a 5.4.45, 5.5.x en versiones anteriores a 5.5.29 y 5.6.x en versiones anteriores a 5.6.13 no maneja adecuadamente las cabeceras, lo que permite a atacantes remotos ejecutar código arbitrario a través de datos serializados manipulados que desencadenan un "type confusion" en la función serialize_function_call. A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • http://www.debian.org/security/2015/dsa-3358 http://www.php.net/ChangeLog-5.php http://www.securityfocus.com/bid/76644 http://www.securitytracker.com/id/1033548 https://bugs.php.net/bug.php?id=70388 https://security.gentoo.org/glsa/201606-10 https://access.redhat.com/security/cve/CVE-2015-6836 https://bugzilla.redhat.com/show_bug.cgi?id=1260683 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •