Oracle Solaris 11: CVE-2015-2787: Vulnerability in PHP
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | March 30, 2015 | May 29, 2017 | January 08, 2018 |
Description
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.
References
- APPLE-APPLE-SA-2015-08-13-2
- APPLE-APPLE-SA-2015-09-30-3
- BID-73431
- CVE-2015-2787
- DISA_SEVERITY-Category I
- DISA_VMSKEY-V0061337
- IAVM-2015-A-0199
- REDHAT-RHSA-2015:1053
- REDHAT-RHSA-2015:1066
- REDHAT-RHSA-2015:1135
- REDHAT-RHSA-2015:1218
- URL: https://support.oracle.com/epmos/faces/DocumentDisplay?id=1448883.1&displayIndex=1
Solution
oracle-solaris-11-2-upgrade-web-php-52-5-2-17-0-175-2-12-0-4-0
Related Vulnerabilities
- DSA-3198-1 php5 -- security update
- RHSA-2015:1066: php54 security and bug fix update
- OS X update for apache_mod_php (CVE-2015-2787)
- ELSA-2015-1218 Moderate: Oracle Linux php security update
- ELSA-2015-1053 Moderate: Oracle Linux Software Collections 1.2 for Oracle Linux php55 security and bug fix update
- HP System Management Homepage - HPSBMU03380 (CVE-2015-2787): Linux and Windows, Multiple Vulnerabilities
- SUSE: CVE-2015-2787: SUSE Linux Security Advisory
- OS X update for apache (CVE-2015-2787)
- RHSA-2015:1135: php security and bug fix update
- PHP Vulnerability: CVE-2015-2787
- Gentoo Linux: CVE-2015-2787: PHP: Multiple vulnerabilities
- ELSA-2015-1066 Important: Oracle Linux Software Collections 1.2 for Oracle Linux php54 security and bug fix update
- USN-2572-1: PHP vulnerabilities
- RHSA-2015:1218: php security update
- ELSA-2015-1135 Important: Oracle Linux php security and bug fix update