vulnerability

Amazon Linux AMI: Security patch for php54 (ALAS-2016-670) (multiple CVEs)

Try Surface Command
Back to search
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jan 19, 2016
Added
Mar 17, 2016
Modified
Jul 28, 2025

Description

The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function.

Solutions

amazon-linux-upgrade-php54amazon-linux-upgrade-php54-bcmathamazon-linux-upgrade-php54-cliamazon-linux-upgrade-php54-commonamazon-linux-upgrade-php54-dbaamazon-linux-upgrade-php54-debuginfoamazon-linux-upgrade-php54-develamazon-linux-upgrade-php54-embeddedamazon-linux-upgrade-php54-enchantamazon-linux-upgrade-php54-fpmamazon-linux-upgrade-php54-gdamazon-linux-upgrade-php54-imapamazon-linux-upgrade-php54-intlamazon-linux-upgrade-php54-ldapamazon-linux-upgrade-php54-mbstringamazon-linux-upgrade-php54-mcryptamazon-linux-upgrade-php54-mssqlamazon-linux-upgrade-php54-mysqlamazon-linux-upgrade-php54-mysqlndamazon-linux-upgrade-php54-odbcamazon-linux-upgrade-php54-pdoamazon-linux-upgrade-php54-pgsqlamazon-linux-upgrade-php54-processamazon-linux-upgrade-php54-pspellamazon-linux-upgrade-php54-recodeamazon-linux-upgrade-php54-snmpamazon-linux-upgrade-php54-soapamazon-linux-upgrade-php54-tidyamazon-linux-upgrade-php54-xmlamazon-linux-upgrade-php54-xmlrpc

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today