CVE-2015-4148
SMF (Simple Machine Forum) 2.0.10 - Remote Memory Exfiltration
- Severity Score
- Exploit Likelihood
- Affected Versions
- 54 Public Exploits
- 3 Exploited in Wild
- Decision: -
Descriptions
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.
A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2015-06-01 CVE Reserved
- 2015-06-04 CVE Published
- 2015-09-24 First Exploit
- 2024-08-06 CVE Updated
- 2025-04-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')