Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-3330

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."

Published

2015-06-09T18:59:03.613

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	oracle	linux	6	Yes
Operating System	oracle	linux	7	Yes
Operating System	oracle	solaris	11.2	Yes
Operating System	apple	mac_os_x	≤ 10.10.4	Yes
Operating System	redhat	enterprise_linux	6.0	Yes
Operating System	redhat	enterprise_linux	7.0	Yes
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_hpc_node	7.0	Yes
Operating System	redhat	enterprise_linux_hpc_node_eus	7.1	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_server_eus	7.1	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes
Application	php	php	≤ 5.4.39	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.0	Yes
Application	php	php	5.5.1	Yes
Application	php	php	5.5.2	Yes
Application	php	php	5.5.3	Yes
Application	php	php	5.5.4	Yes
Application	php	php	5.5.5	Yes
Application	php	php	5.5.6	Yes
Application	php	php	5.5.7	Yes
Application	php	php	5.5.8	Yes
Application	php	php	5.5.9	Yes
Application	php	php	5.5.10	Yes
Application	php	php	5.5.11	Yes
Application	php	php	5.5.12	Yes
Application	php	php	5.5.13	Yes
Application	php	php	5.5.14	Yes
Application	php	php	5.5.18	Yes
Application	php	php	5.5.19	Yes
Application	php	php	5.5.20	Yes
Application	php	php	5.5.21	Yes
Application	php	php	5.5.22	Yes
Application	php	php	5.5.23	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.0	Yes
Application	php	php	5.6.2	Yes
Application	php	php	5.6.3	Yes
Application	php	php	5.6.4	Yes
Application	php	php	5.6.5	Yes
Application	php	php	5.6.6	Yes
Application	php	php	5.6.7	Yes

References

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7 ([email protected])
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html Mailing List ([email protected])
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html ([email protected])
http://openwall.com/lists/oss-security/2015/04/17/7 Third Party Advisory ([email protected])
http://php.net/ChangeLog-5.php Patch ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1066.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1135.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1186.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1187.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/74204 ([email protected])
http://www.securitytracker.com/id/1033703 ([email protected])
http://www.ubuntu.com/usn/USN-2572-1 ([email protected])
https://bugs.php.net/bug.php?id=68486 Permissions Required ([email protected])
https://bugs.php.net/bug.php?id=69218 Exploit ([email protected])
https://security.gentoo.org/glsa/201606-10 ([email protected])
https://support.apple.com/HT205267 Third Party Advisory ([email protected])
https://support.apple.com/kb/HT205031 Third Party Advisory ([email protected])
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2015/04/17/7 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://php.net/ChangeLog-5.php Patch (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1066.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1135.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1186.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1187.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/74204 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1033703 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2572-1 (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.php.net/bug.php?id=68486 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.php.net/bug.php?id=69218 Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201606-10 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT205267 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT205031 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)