Vulnerability Name:

CVE-2015-6835 (CCN-106364)

Assigned:2015-09-03
Published:2015-09-03
Updated:2017-11-04
Summary:The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.

CWE-416: Use After Free
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2015-6835

Source: CONFIRM
Type: UNKNOWN
http://php.net/ChangeLog-5.php

Source: CCN
Type: RHSA-2016-0457
Moderate: rh-php56-php security update

Source: DEBIAN
Type: UNKNOWN
DSA-3358

Source: CCN
Type: IBM Security Bulletin 1972384
IBM Tealeaf Customer Experience PCA Web UI PHP security issues

Source: BID
Type: UNKNOWN
76734

Source: CCN
Type: BID-76734
PHP 'php_var_unserialize()' Function Use After Free Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1033548

Source: CONFIRM
Type: Exploit
https://bugs.php.net/bug.php?id=70219

Source: XF
Type: UNKNOWN
php-cve20156835-code-exec(106364)

Source: CCN
Type: PHP Web site
Version 5.4.45

Source: GENTOO
Type: UNKNOWN
GLSA-201606-10

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-6835

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:5.6.0:alpha1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:alpha5:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.8:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.9:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.10:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.11:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.6.12:-:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:php:php:*:*:*:*:*:*:*:* (Version <= 5.4.44)

  • Configuration 3:
  • cpe:/a:php:php:5.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha5:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:alpha6:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.6:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.7:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.8:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.9:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.10:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.11:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.12:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.13:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.14:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.15:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.16:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.17:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.18:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.19:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.20:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.21:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.22:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.23:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.24:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.25:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.26:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.27:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.5.28:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:php:php:5.4.0:-:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:tealeaf_customer_experience:16.1.01:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20156835
    V
    CVE-2015-6835
    2022-09-02
    oval:org.opensuse.security:def:9680
    P
    Security update for libsndfile (Important)
    2022-01-11
    oval:org.opensuse.security:def:10438
    P
    Security update for java-1_8_0-ibm (Important) (in QA)
    2022-01-04
    oval:org.opensuse.security:def:9884
    P
    Security update for go1.17 (Moderate)
    2021-12-23
    oval:org.opensuse.security:def:9634
    P
    Security update for log4j (Important)
    2021-12-17
    oval:org.opensuse.security:def:38242
    P
    Security update for mozilla-nss (Important)
    2021-12-06
    oval:org.opensuse.security:def:10371
    P
    Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:9619
    P
    Security update for python-Pygments (Important)
    2021-12-01
    oval:org.opensuse.security:def:10368
    P
    Security update for ruby2.5 (Important)
    2021-12-01
    oval:org.opensuse.security:def:10175
    P
    Security update for webkit2gtk3 (Important)
    2021-11-23
    oval:org.opensuse.security:def:9417
    P
    Security update for MozillaFirefox (Important)
    2021-11-10
    oval:org.opensuse.security:def:9612
    P
    Security update for MozillaFirefox (Important)
    2021-11-10
    oval:org.opensuse.security:def:10169
    P
    Security update for Salt (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:9604
    P
    Security update for dnsmasq (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:10162
    P
    Security update for glibc (Moderate)
    2021-10-12
    oval:org.opensuse.security:def:10346
    P
    Security update for curl (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:10153
    P
    Security update for openssl-1_0_0 (Low)
    2021-09-09
    oval:org.opensuse.security:def:9395
    P
    Security update for libesmtp (Important)
    2021-09-03
    oval:org.opensuse.security:def:10147
    P
    Security update for xerces-c (Important)
    2021-09-02
    oval:org.opensuse.security:def:11120
    P
    Security update for libspf2 (Critical)
    2021-08-25
    oval:org.opensuse.security:def:10139
    P
    Security update for djvulibre (Important)
    2021-08-20
    oval:org.opensuse.security:def:9387
    P
    Security update for spice-vdagent (Moderate)
    2021-08-20
    oval:org.opensuse.security:def:13900
    P
    libgc1-7.2d-3.75 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14201
    P
    libXrender1-0.9.8-7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14176
    P
    java-1_8_0-ibm-1.8.0_sr4.5-29.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14083
    P
    apache2-2.4.23-28.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14064
    P
    xinetd-2.3.15-7.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14046
    P
    tcpdump-4.5.1-10.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14929
    P
    jakarta-taglibs-standard-1.1.1-255.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:13998
    P
    pam_krb5-2.4.4-4.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14907
    P
    gpg2-2.0.24-9.8.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:13930
    P
    libmspack0-0.4-14.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14269
    P
    libpango-1_0-0-1.40.1-9.5 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:13908
    P
    libhogweed2-2.7.1-9.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14256
    P
    libmodplug1-0.8.8.4-13.63 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14245
    P
    libjson-c2-0.11-2.15 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:38769
    P
    Security update for cpio (Important)
    2021-08-12
    oval:org.opensuse.security:def:9761
    P
    Security update for nodejs8 (Important)
    2021-08-05
    oval:org.opensuse.security:def:11098
    P
    Security update for claws-mail (Moderate)
    2021-07-16
    oval:org.opensuse.security:def:10296
    P
    Security update for go1.15 (Important)
    2021-06-30
    oval:org.opensuse.security:def:9544
    P
    Security update for ovmf (Important)
    2021-06-25
    oval:org.opensuse.security:def:9742
    P
    Security update for openexr (Important)
    2021-06-24
    oval:org.opensuse.security:def:10111
    P
    Security update for openexr (Important)
    2021-06-24
    oval:org.opensuse.security:def:10277
    P
    Security update for spice-gtk (Moderate)
    2021-06-10
    oval:org.opensuse.security:def:9727
    P
    Security update for ucode-intel (Important)
    2021-06-10
    oval:org.opensuse.security:def:9525
    P
    Security update for qemu (Important)
    2021-06-09
    oval:org.opensuse.security:def:16634
    P
    php5-devel-5.5.14-109.41.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:15880
    P
    php5-devel-5.5.14-39.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:124640
    P
    php5-devel-5.5.14-109.41.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16484
    P
    libXv-devel-1.0.10-7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16098
    P
    php5-devel-5.5.14-73.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16668
    P
    xen-devel-4.11.0_08-1.11 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16611
    P
    libzypp-devel-16.19.0-2.36.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16526
    P
    libjavascriptcoregtk-1_0-0-2.4.11-23.20 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16492
    P
    libasm-devel-0.158-6.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16348
    P
    php5-devel-5.5.14-108.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:10086
    P
    Security update for dhcp (Important)
    2021-06-02
    oval:org.opensuse.security:def:10262
    P
    Security update for curl (Moderate)
    2021-05-31
    oval:org.opensuse.security:def:9510
    P
    Security update for djvulibre (Important)
    2021-05-19
    oval:org.opensuse.security:def:9708
    P
    Security update for lz4 (Important)
    2021-05-19
    oval:org.opensuse.security:def:9695
    P
    Security update for xen (Important)
    2021-04-30
    oval:org.opensuse.security:def:38658
    P
    Security update for MozillaFirefox (Important)
    2021-04-28
    oval:org.opensuse.security:def:9686
    P
    Security update for spamassassin (Important)
    2021-04-13
    oval:org.opensuse.security:def:9862
    P
    Security update for openssl-1_1 (Moderate)
    2021-03-09
    oval:org.opensuse.security:def:9861
    P
    Security update for the Linux Kernel (Important)
    2021-03-09
    oval:org.opensuse.security:def:9463
    P
    Security update for openldap2 (Important)
    2021-03-08
    oval:org.opensuse.security:def:10215
    P
    Security update for python-cryptography (Important)
    2021-03-03
    oval:org.opensuse.security:def:9854
    P
    Security update for grub2 (Important)
    2021-03-02
    oval:org.opensuse.security:def:10396
    P
    Security update for php7 (Important)
    2021-02-24
    oval:org.opensuse.security:def:38609
    P
    Security update for ImageMagick (Moderate)
    2021-02-23
    oval:org.opensuse.security:def:9644
    P
    Security update for the Linux Kernel (Important)
    2021-02-19
    oval:org.opensuse.security:def:9836
    P
    Security update for subversion (Important)
    2021-02-10
    oval:org.opensuse.security:def:10585
    P
    Security update for the Linux Kernel (Important)
    2020-12-09
    oval:org.opensuse.security:def:16877
    P
    libqt4-devel-4.8.7-8.8.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:16845
    P
    libmodplug-devel-0.8.9.0+git20170610.f6dd59a-15.4.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:16735
    P
    gegl-devel-0.2.0-14.3 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:16699
    P
    bsh2-2.0.0.b5-3.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:16968
    P
    sane-backends-devel-1.0.24-3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:16946
    P
    pango-devel-1.40.1-9.5 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:16934
    P
    ncurses-devel-5.9-64.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:38390
    P
    libvdpau1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38300
    P
    libical1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:39449
    P
    Security update for php5 (Important)
    2020-12-01
    oval:org.opensuse.security:def:38140
    P
    binutils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:39407
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:38003
    P
    memcached on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37919
    P
    libmpfr4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38725
    P
    libsnmp30 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37908
    P
    libksba8 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38697
    P
    libmms0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10460
    P
    lhasa-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10447
    P
    gnome-settings-daemon-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10563
    P
    libxcb-composite0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9925
    P
    libtasn1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9912
    P
    libqt4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9903
    P
    libpng15-15 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:17632
    P
    Security update for php5 (Important)
    2020-12-01
    oval:org.opensuse.security:def:17606
    P
    security update for xen (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10011
    P
    vsftpd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37907
    P
    libkpathsea6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9992
    P
    squid on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9977
    P
    python-pywbem on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10835
    P
    php5-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:9930
    P
    libupsclient1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38550
    P
    autofs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10813
    P
    libxml2-devel on GA media (Moderate)
    2020-12-01
    oval:com.ubuntu.precise:def:20156835000
    V
    CVE-2015-6835 on Ubuntu 12.04 LTS (precise) - medium.
    2016-05-16
    oval:com.ubuntu.trusty:def:20156835000
    V
    CVE-2015-6835 on Ubuntu 14.04 LTS (trusty) - medium.
    2016-05-16
    oval:org.cisecurity:def:67
    P
    DSA-3358-1 -- php5 -- security update
    2016-02-08
    BACK
    php php 5.6.0 alpha1
    php php 5.6.0 alpha2
    php php 5.6.0 alpha3
    php php 5.6.0 alpha4
    php php 5.6.0 alpha5
    php php 5.6.0 beta1
    php php 5.6.0 beta2
    php php 5.6.0 beta3
    php php 5.6.0 beta4
    php php 5.6.1
    php php 5.6.2
    php php 5.6.3
    php php 5.6.4
    php php 5.6.5
    php php 5.6.6
    php php 5.6.7
    php php 5.6.8
    php php 5.6.9
    php php 5.6.10
    php php 5.6.11
    php php 5.6.12
    php php *
    php php 5.5.0
    php php 5.5.0 alpha1
    php php 5.5.0 alpha2
    php php 5.5.0 alpha3
    php php 5.5.0 alpha4
    php php 5.5.0 alpha5
    php php 5.5.0 alpha6
    php php 5.5.0 beta1
    php php 5.5.0 beta2
    php php 5.5.0 beta3
    php php 5.5.0 beta4
    php php 5.5.0 rc1
    php php 5.5.0 rc2
    php php 5.5.1
    php php 5.5.2
    php php 5.5.3
    php php 5.5.4
    php php 5.5.5
    php php 5.5.6
    php php 5.5.7
    php php 5.5.8
    php php 5.5.9
    php php 5.5.10
    php php 5.5.11
    php php 5.5.12
    php php 5.5.13
    php php 5.5.14
    php php 5.5.15
    php php 5.5.16
    php php 5.5.17
    php php 5.5.18
    php php 5.5.19
    php php 5.5.20
    php php 5.5.21
    php php 5.5.22
    php php 5.5.23
    php php 5.5.24
    php php 5.5.25
    php php 5.5.26
    php php 5.5.27
    php php 5.5.28
    php php 5.4.0
    ibm tealeaf customer experience 16.1.01