PT-2015-3426 · Php+5 · Php+5

Php At Bof Dot De

Published

2015-03-20

Updated

2019-12-27

CVE-2015-3330

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.4.40 PHP versions 5.5.x prior to 5.5.24 PHP versions 5.6.x prior to 5.6.8

Description The issue is related to the php handler function in PHP, which can be exploited by remote attackers when used with the Apache HTTP Server 2.4.x. This can lead to a denial of service or possibly allow the execution of arbitrary code via pipelined HTTP requests, resulting in a "deconfigured interpreter." The vulnerability exists due to insufficient input validation, allowing a remote attacker to potentially execute arbitrary code.

Recommendations For PHP versions prior to 5.4.40, update to version 5.4.40 or later. For PHP versions 5.5.x prior to 5.5.24, update to version 5.5.24 or later. For PHP versions 5.6.x prior to 5.6.8, update to version 5.6.8 or later.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2022-02529

CESA-2015_1135

CVE-2015-3330

DLA-212-1

DSA-3198-1

MGASA-2015-0169

OPENSUSE-SU-2015_0855-1

RHSA-2015:1066

RHSA-2015:1135

RHSA-2015:1186

RHSA-2015:1187

RHSA-2015_1135

SUSE-SU-2015:0868-1

USN-2572-1

Affected Products

Apache Http Server

Centos

Php

Red Hat

Suse

Ubuntu

PT-2015-3426 · Php+5 · Php+5

CVE-2015-3330

Weakness Enumeration

Related Identifiers

Affected Products

References · 201