Vulnerability CVE-2015-6834

Vulnerability Name:

CVE-2015-6834 (CCN-106363)

Assigned:

2015-09-03

Published:

2015-09-03

Updated:

2017-11-04

Summary:

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.

CWE-502: Deserialization of Untrusted Data

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2015-6834

Source: CONFIRM
Type: UNKNOWN
http://php.net/ChangeLog-5.php

Source: CCN
Type: RHSA-2016-0457
Moderate: rh-php56-php security update

Source: DEBIAN
Type: UNKNOWN
DSA-3358

Source: CCN
Type: IBM Security Bulletin 1972384
IBM Tealeaf Customer Experience PCA Web UI PHP security issues

Source: BID
Type: UNKNOWN
76649

Source: CCN
Type: BID-76649
PHP CVE-2015-6834 Multiple Remote Code Execution Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1033548

Source: CONFIRM
Type: Exploit
https://bugs.php.net/bug.php?id=70172

Source: CONFIRM
Type: Exploit
https://bugs.php.net/bug.php?id=70365

Source: CONFIRM
Type: Exploit
https://bugs.php.net/bug.php?id=70366

Source: XF
Type: UNKNOWN
php-cve20156834-code-exec(106363)

Source: CCN
Type: PHP Web site
Version 5.4.45

Source: GENTOO
Type: UNKNOWN
GLSA-201606-10

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-6834

Vulnerable Configuration:

Configuration 1:

cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.4.44)

OR cpe:/a:php:php:5.5.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.1:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.3:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.8:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.10:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.11:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.12:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.13:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.14:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.15:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.16:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.17:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.18:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.19:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.20:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.21:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.22:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.23:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.24:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.25:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.26:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.27:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.5.28:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.0:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.2:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.8:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.9:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.10:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.11:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.6.12:-:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:5.4.0:-:*:*:*:*:*:*

AND

cpe:/a:ibm:tealeaf_customer_experience:16.1.01:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20156834	V	CVE-2015-6834	2022-09-02
oval:org.opensuse.security:def:9680	P	Security update for libsndfile (Important)	2022-01-11
oval:org.opensuse.security:def:10438	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:9884	P	Security update for go1.17 (Moderate)	2021-12-23
oval:org.opensuse.security:def:9634	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:38242	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:10371	P	Security update for the Linux Kernel (Important)	2021-12-02
oval:org.opensuse.security:def:9619	P	Security update for python-Pygments (Important)	2021-12-01
oval:org.opensuse.security:def:10368	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:10175	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:9417	P	Security update for MozillaFirefox (Important)	2021-11-10
oval:org.opensuse.security:def:9612	P	Security update for MozillaFirefox (Important)	2021-11-10
oval:org.opensuse.security:def:10169	P	Security update for Salt (Moderate)	2021-10-27
oval:org.opensuse.security:def:9604	P	Security update for dnsmasq (Moderate)	2021-10-27
oval:org.opensuse.security:def:10162	P	Security update for glibc (Moderate)	2021-10-12
oval:org.opensuse.security:def:10346	P	Security update for curl (Moderate)	2021-10-06
oval:org.opensuse.security:def:10153	P	Security update for openssl-1_0_0 (Low)	2021-09-09
oval:org.opensuse.security:def:9395	P	Security update for libesmtp (Important)	2021-09-03
oval:org.opensuse.security:def:10147	P	Security update for xerces-c (Important)	2021-09-02
oval:org.opensuse.security:def:11120	P	Security update for libspf2 (Critical)	2021-08-25
oval:org.opensuse.security:def:10139	P	Security update for djvulibre (Important)	2021-08-20
oval:org.opensuse.security:def:9387	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:13900	P	libgc1-7.2d-3.75 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14201	P	libXrender1-0.9.8-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14176	P	java-1_8_0-ibm-1.8.0_sr4.5-29.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14083	P	apache2-2.4.23-28.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14064	P	xinetd-2.3.15-7.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14046	P	tcpdump-4.5.1-10.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14929	P	jakarta-taglibs-standard-1.1.1-255.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13998	P	pam_krb5-2.4.4-4.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14907	P	gpg2-2.0.24-9.8.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13930	P	libmspack0-0.4-14.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14269	P	libpango-1_0-0-1.40.1-9.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:13908	P	libhogweed2-2.7.1-9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14256	P	libmodplug1-0.8.8.4-13.63 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14245	P	libjson-c2-0.11-2.15 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:38769	P	Security update for cpio (Important)	2021-08-12
oval:org.opensuse.security:def:9761	P	Security update for nodejs8 (Important)	2021-08-05
oval:org.opensuse.security:def:11098	P	Security update for claws-mail (Moderate)	2021-07-16
oval:org.opensuse.security:def:10296	P	Security update for go1.15 (Important)	2021-06-30
oval:org.opensuse.security:def:9544	P	Security update for ovmf (Important)	2021-06-25
oval:org.opensuse.security:def:9742	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:10111	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:10277	P	Security update for spice-gtk (Moderate)	2021-06-10
oval:org.opensuse.security:def:9727	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:9525	P	Security update for qemu (Important)	2021-06-09
oval:org.opensuse.security:def:16634	P	php5-devel-5.5.14-109.41.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15880	P	php5-devel-5.5.14-39.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:124640	P	php5-devel-5.5.14-109.41.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16484	P	libXv-devel-1.0.10-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16098	P	php5-devel-5.5.14-73.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16668	P	xen-devel-4.11.0_08-1.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16611	P	libzypp-devel-16.19.0-2.36.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16526	P	libjavascriptcoregtk-1_0-0-2.4.11-23.20 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16492	P	libasm-devel-0.158-6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16348	P	php5-devel-5.5.14-108.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10086	P	Security update for dhcp (Important)	2021-06-02
oval:org.opensuse.security:def:10262	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:9510	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:9708	P	Security update for lz4 (Important)	2021-05-19
oval:org.opensuse.security:def:9695	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:38658	P	Security update for MozillaFirefox (Important)	2021-04-28
oval:org.opensuse.security:def:9686	P	Security update for spamassassin (Important)	2021-04-13
oval:org.opensuse.security:def:9862	P	Security update for openssl-1_1 (Moderate)	2021-03-09
oval:org.opensuse.security:def:9861	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:9463	P	Security update for openldap2 (Important)	2021-03-08
oval:org.opensuse.security:def:10215	P	Security update for python-cryptography (Important)	2021-03-03
oval:org.opensuse.security:def:9854	P	Security update for grub2 (Important)	2021-03-02
oval:org.opensuse.security:def:10396	P	Security update for php7 (Important)	2021-02-24
oval:org.opensuse.security:def:38609	P	Security update for ImageMagick (Moderate)	2021-02-23
oval:org.opensuse.security:def:9644	P	Security update for the Linux Kernel (Important)	2021-02-19
oval:org.opensuse.security:def:9836	P	Security update for subversion (Important)	2021-02-10
oval:org.opensuse.security:def:10585	P	Security update for the Linux Kernel (Important)	2020-12-09
oval:org.opensuse.security:def:16877	P	libqt4-devel-4.8.7-8.8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16845	P	libmodplug-devel-0.8.9.0+git20170610.f6dd59a-15.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16735	P	gegl-devel-0.2.0-14.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16699	P	bsh2-2.0.0.b5-3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16968	P	sane-backends-devel-1.0.24-3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16946	P	pango-devel-1.40.1-9.5 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16934	P	ncurses-devel-5.9-64.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:38390	P	libvdpau1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38300	P	libical1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39449	P	Security update for php5 (Important)	2020-12-01
oval:org.opensuse.security:def:38140	P	binutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39407	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:38003	P	memcached on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37919	P	libmpfr4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38725	P	libsnmp30 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37908	P	libksba8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38697	P	libmms0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10460	P	lhasa-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10447	P	gnome-settings-daemon-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10563	P	libxcb-composite0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9925	P	libtasn1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9912	P	libqt4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9903	P	libpng15-15 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17632	P	Security update for php5 (Important)	2020-12-01
oval:org.opensuse.security:def:17606	P	security update for xen (Moderate)	2020-12-01
oval:org.opensuse.security:def:10011	P	vsftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37907	P	libkpathsea6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9992	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9977	P	python-pywbem on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10835	P	php5-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9930	P	libupsclient1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38550	P	autofs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10813	P	libxml2-devel on GA media (Moderate)	2020-12-01
oval:com.ubuntu.precise:def:20156834000	V	CVE-2015-6834 on Ubuntu 12.04 LTS (precise) - medium.	2016-05-16
oval:com.ubuntu.trusty:def:20156834000	V	CVE-2015-6834 on Ubuntu 14.04 LTS (trusty) - medium.	2016-05-16
oval:org.cisecurity:def:67	P	DSA-3358-1 -- php5 -- security update	2016-02-08

BACK