CVE-2015-4602
Publication date 23 June 2015
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
Status
Package | Ubuntu Release | Status |
---|---|---|
php5 | ||
14.04 LTS trusty |
Fixed 5.5.9+dfsg-1ubuntu4.11
|
|
Patch details
Package | Patch details |
---|---|
php5 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 · Critical |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-2658-1
- PHP vulnerabilities
- 6 July 2015