PT-2015-3243 · Php+4 · Php+4

Publicado

2015-06-17

·

Atualizado

2019-04-22

·

CVE-2015-4603

CVSS v2.0

10

Crítica

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.4.40 PHP versions 5.5.x prior to 5.5.24 PHP versions 5.6.x prior to 5.6.8
Description The issue is related to a "type confusion" problem in the exception::getTraceAsString function, allowing remote attackers to execute arbitrary code via an unexpected data type.
Recommendations For PHP versions prior to 5.4.40, update to version 5.4.40 or later. For PHP versions 5.5.x prior to 5.5.24, update to version 5.5.24 or later. For PHP versions 5.6.x prior to 5.6.8, update to version 5.6.8 or later.

Exploit

Correção

Type Confusion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-843

Identificadores relacionados

BDU:2016-01366
CESA-2015_1135
CESA-2015_1218
CVE-2015-4603
OPENSUSE-SU-2015_1197-1
RHSA-2015:1066
RHSA-2015:1135
RHSA-2015:1186
RHSA-2015:1187
RHSA-2015:1218
RHSA-2015_1135
RHSA-2015_1218
SUSE-SU-2015:1253-1
SUSE-SU-2015:1253-2
SUSE-SU-2016:1638-1
USN-2658-1

Produtos afetados

Centos
Php
Red Hat
Suse
Ubuntu