Vulnerability Name: CVE-2014-3515 (CCN-94107)

Assigned: 2014-06-22
Published: 2014-06-22
Updated: 2022-11-09
Summary: The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.1 Medium (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-noinfo, CWE-843
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2014-3515

Source: CONFIRM
Type: Exploit, Patch, Vendor Advisory
http://git.php.net/?p=php-src.git;a=commit;h=88223c5245e9b470e1e6362bfd96829562ffe6ab

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2014:1236

Source: HP
Type: Mailing List, Third Party Advisory
SSRT101681

Source: CCN
Type: RHSA-2014-1012
Moderate: php53 and php security update

Source: CCN
Type: RHSA-2014-1013
Moderate: php security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2014:1765

Source: REDHAT
Type: Third Party Advisory
RHSA-2014:1766

Source: SECUNIA
Type: Third Party Advisory
59794

Source: SECUNIA
Type: Third Party Advisory
59831

Source: SECUNIA
Type: Third Party Advisory
60998

Source: CONFIRM
Type: Third Party Advisory
http://support.apple.com/kb/HT6443

Source: CONFIRM
Type: Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21683486

Source: DEBIAN
Type: Third Party Advisory
DSA-2974

Source: CCN
Type: IBM Security Bulletin 1683330
Multiple vulnerabilities in PHP as used by IBM QRadar Incident Forensics 7.2 MR2. (CVE-2014-3515, CVE-2014-4049, CVE-2014-3981, CVE-2014-0238, CVE-2014-0237, CVE-2014-4721)

Source: CCN
Type: IBM Security Bulletin 1683486
Multiple vulnerabilities in PHP 5.2 open source component for IBM Lotus Protector for Mail Security (CVE-2014-3515, CVE-2014-4049, CVE-2014-3981, CVE-2014-0238, CVE-2014-0237, CVE-2014-4721, CVE-2014-4670, CVE-2014-4698)

Source: CONFIRM
Type: Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Source: CCN
Type: OSVDB ID: 108462
PHP unserialize() Call SPL ArrayObject / SPLObjectStorage Unspecified Type Confusion Issue

Source: CONFIRM
Type: Vendor Advisory
http://www.php.net/ChangeLog-5.php

Source: BID
Type: Third Party Advisory, VDB Entry
68237

Source: CCN
Type: BID-68237
PHP unserialize() Function Type Confusion Security Vulnerability

Source: CCN
Type: PHP Web site
unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion

Source: CONFIRM
Type: Patch, Vendor Advisory
https://bugs.php.net/bug.php?id=67492

Source: XF
Type: UNKNOWN
php-cve20143515-code-exec(94107)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-3515

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 5.5.0 and < 5.5.14)
  • OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 5.4.0 and < 5.4.30)
  • OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version < 5.3.29)

Configuration 2:
  • cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 10:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 11:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 12:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 13:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:php:php:5.5.13:-:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_protector:2.8:*:*:*:mail_security:*:*:*
  • OR cpe:/a:ibm:lotus_protector:2.8.1:*:*:*:mail_security:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_qradar_incident_forensics:7.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:*
Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20143515 | V | CVE-2014-3515 | 2022-05-20
oval:org.opensuse.security:def:33758 | P | Security update for xorg-x11-server (Important) | 2021-12-20
oval:org.opensuse.security:def:34609 | P | Security update for mozilla-nss (Important) | 2021-12-06
oval:org.opensuse.security:def:33049 | P | Security update for java-1_7_0-openjdk (Important) | 2021-11-24
oval:org.opensuse.security:def:32218 | P | Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important) | 2021-11-19
oval:org.opensuse.security:def:26163 | P | Security update for bind (Important) | 2021-11-11
oval:org.opensuse.security:def:29423 | P | Security update for openssl (Low) | 2021-09-20
oval:org.opensuse.security:def:33971 | P | Security update for openssl-1_0_0 (Low) | 2021-09-09
oval:org.opensuse.security:def:32162 | P | Security update for libcares2 (Important) | 2021-08-16
oval:org.opensuse.security:def:26099 | P | Security update for libsndfile (Critical) | 2021-08-05
oval:org.opensuse.security:def:26088 | P | Security update for the Linux Kernel (Important) | 2021-07-14
oval:org.opensuse.security:def:33927 | P | Security update for caribou (Important) | 2021-06-10
oval:org.opensuse.security:def:31638 | P | Security update for caribou (Important) | 2021-06-10
oval:org.opensuse.security:def:36538 | P | php53-devel-5.3.17-0.41.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:42493 | P | apache2-mod_php53-5.3.17-0.41.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:36086 | P | apache2-mod_php53-5.3.17-0.41.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:33903 | P | Security update for samba (Important) | 2021-05-04
oval:org.opensuse.security:def:26212 | P | Security update for python3 (Moderate) | 2021-03-19
oval:org.opensuse.security:def:34649 | P | Security update for the Linux Kernel (Important) | 2021-03-09
oval:org.opensuse.security:def:29480 | P | Security update for openldap2 (Important) | 2021-03-03
oval:org.opensuse.security:def:32267 | P | Security update for grub2 (Important) | 2021-03-02
oval:org.opensuse.security:def:26087 | P | Security update for sudo (Important) | 2021-01-26
oval:org.opensuse.security:def:33010 | P | Security update for java-1_8_0-ibm (Moderate) | 2021-01-05
oval:org.opensuse.security:def:26061 | P | Security update for dovecot22 (Important) | 2021-01-04
oval:org.opensuse.security:def:25977 | P | Security update for openssl-1_1 (Important) | 2020-12-10
oval:org.opensuse.security:def:32006 | P | Security update for mutt (Important) | 2020-12-07
oval:org.opensuse.security:def:33136 | P | libQtWebKit4-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26664 | P | aaa_base on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29125 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:33513 | P | Security update for perl-HTML-Parser | 2020-12-01
oval:org.opensuse.security:def:26863 | P | apache2-mod_jk on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25839 | P | Security update for gimp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29821 | P | Security update for java-1_6_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:31564 | P | Security update for squid3 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26265 | P | Security update for guile (Low) | 2020-12-01
oval:org.opensuse.security:def:30597 | P | Security update for php53 (Important) | 2020-12-01
oval:org.opensuse.security:def:27049 | P | unzip on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26429 | P | Security update for keepalived (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32328 | P | Security update for samba (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33361 | P | Security update for openssl1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26805 | P | perl-Tk on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29206 | P | Security update for openssl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33815 | P | Security update for glib2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25647 | P | Security update for freetype2 (Important) | 2020-12-01
oval:org.opensuse.security:def:29718 | P | Security update for MozillaFirefox | 2020-12-01
oval:org.opensuse.security:def:31552 | P | Security update for socat (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29922 | P | Security update for libexif (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31862 | P | Security update for curl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26367 | P | Security update for MozillaThunderbird (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26291 | P | Security update for python-reportlab (Important) | 2020-12-01
oval:org.opensuse.security:def:33147 | P | libexif on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26717 | P | gzip on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29126 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:33601 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:27501 | P | libwmf on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25635 | P | Security update for tigervnc (Critical) | 2020-12-01
oval:org.opensuse.security:def:25920 | P | Security update for gstreamer-plugins-base (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29860 | P | Security update for the Linux Kernel | 2020-12-01
oval:org.opensuse.security:def:26314 | P | Security update for iperf (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27084 | P | apache2-mod_php53 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33135 | P | libMagickCore1-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26513 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:32372 | P | Security update for tcpdump (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33456 | P | Security update for icu | 2020-12-01
oval:org.opensuse.security:def:26819 | P | ruby on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29337 | P | Security update for spacewalk | 2020-12-01
oval:org.opensuse.security:def:33864 | P | Security update for jasper | 2020-12-01
oval:org.opensuse.security:def:25711 | P | Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29772 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:31553 | P | Security update for sqlite3 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30560 | P | Security update for OpenSSL | 2020-12-01
oval:org.opensuse.security:def:31919 | P | Security update for ghostscript-library (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26411 | P | Security update for go (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26372 | P | Recommended update for geotiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32306 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33226 | P | pcsc-ccid on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26766 | P | libsamplerate on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29137 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:27536 | P | php53-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25636 | P | Security update for libproxy (Important) | 2020-12-01
oval:org.opensuse.security:def:29565 | P | Security update for OpenEXR (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29878 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:31770 | P | Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Important) | 2020-12-01
oval:org.opensuse.security:def:26353 | P | Security update for tor (Moderate) | 2020-12-01
oval:org.mitre.oval:def:26721 | P | ELSA-2014-1013 -- php security update (moderate) | 2014-12-15
oval:org.mitre.oval:def:27197 | P | ELSA-2014-1012 -- php53 and php security update (moderate) | 2014-12-15
oval:org.mitre.oval:def:26314 | P | RHSA-2014:1012: php53 and php security update (Moderate) | 2014-10-13
oval:org.mitre.oval:def:26421 | P | RHSA-2014:1013: php security update (Moderate) | 2014-10-13
oval:org.mitre.oval:def:24837 | P | DSA-2974-1 -- php5 - security update | 2014-10-06
oval:org.mitre.oval:def:25721 | P | SUSE-SU-2014:0938-1 -- Security update for PHP 5.3 | 2014-09-15
oval:org.mitre.oval:def:25226 | P | USN-2276-1 -- php5 vulnerabilities | 2014-09-01
oval:com.redhat.rhsa:def:20141012 | P | RHSA-2014:1012: php53 and php security update (Moderate) | 2014-08-06
oval:com.redhat.rhsa:def:20141013 | P | RHSA-2014:1013: php security update (Moderate) | 2014-08-06
oval:com.ubuntu.precise:def:20143515000 | V | CVE-2014-3515 on Ubuntu 12.04 LTS (precise) - medium. | 2014-07-09
oval:com.ubuntu.trusty:def:20143515000 | V | CVE-2014-3515 on Ubuntu 14.04 LTS (trusty) - medium. | 2014-07-09