Rapid7 VulnDB

FreeBSD: PHP multiple vulnerabilities (Multiple CVEs)

Back to Search

FreeBSD: PHP multiple vulnerabilities (Multiple CVEs)

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
07/09/2014
Created
07/25/2018
Added
08/19/2014
Modified
10/15/2015

Description

The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.

Solution(s)

  • freebsd-upgrade-package-php53

References

  • freebsd-upgrade-package-php53

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;