Vulnerability Details : CVE-2014-3515
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
Vulnerability category: Execute code
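Two checks a practitioner wants after reading the description above, as an added example written for this page (not code from the CVE entry, from PHP, or from any of the referenced advisories): a version-range test that encodes exactly the ranges the description names (before 5.4.30, and 5.5.x before 5.5.14), and a guard that keeps attacker-controlled serialized data away from unserialize() when it carries object tokens, because the bug is only reached when an ArrayObject or SplObjectStorage payload is unserialized. The function names (cve_2014_3515_affected, unserialize_untrusted) and the sample inputs are this example's own; the allowed_classes option is a PHP 7.0+ feature, and a plain version compare cannot see distribution backports, so a hit must be confirmed against the vendor advisory.

```php
<?php
// Added example for CVE-2014-3515; not part of the CVE entry or of PHP itself.
declare(strict_types=1);

/**
 * True when $version falls inside the ranges the CVE description names:
 * "PHP before 5.4.30 and 5.5.x before 5.5.14".
 * Distro strings such as "5.4.4-14+deb7u14" compare on their numeric parts,
 * but a distribution may have backported the fix without changing the
 * version, so treat a hit as "check the vendor advisory", not as proof.
 */
function cve_2014_3515_affected(string $version): bool
{
    if (version_compare($version, '5.4.30', '<')) {
        return true;                                  // before 5.4.30
    }
    if (version_compare($version, '5.5.0', '>=') && version_compare($version, '5.5.14', '<')) {
        return true;                                  // 5.5.x before 5.5.14
    }
    return false;
}

/**
 * unserialize() for data that did not come from a trusted source.
 * Returns null, without calling the engine, when the payload contains an
 * object ("O:") or custom-serialized ("C:") token; ArrayObject and
 * SplObjectStorage are only instantiated through those tokens. PHP accepts an
 * optional "+" before the length, so the pattern allows it too: a filter that
 * matches only 'O:\d' is bypassed by 'O:+11:"ArrayObject"'.
 */
function unserialize_untrusted(string $data)
{
    if (preg_match('/[OC]:\+?\d+:"/', $data) === 1) {
        return null;
    }
    if (PHP_VERSION_ID >= 70000) {
        // PHP 7.0+ only: additionally forbid instantiating any class, so even a
        // token the pattern missed yields __PHP_Incomplete_Class, not an SPL object.
        return unserialize($data, ['allowed_classes' => false]);
    }
    return unserialize($data);
}

// Constructed sample inputs for a stand-alone run.
foreach (['5.4.29', '5.4.30', '5.5.13', '5.5.14', '5.4.4-14+deb7u14'] as $ver) {
    printf("%-18s affected=%s\n", $ver, cve_2014_3515_affected($ver) ? 'yes' : 'no');
}
$plain   = serialize(['user' => 'alice', 'roles' => ['admin']]);  // scalars and arrays only
$objects = serialize(new ArrayObject([1, 2, 3]));               // carries an object token
var_dump(unserialize_untrusted($plain) !== null);                 // accepted
var_dump(unserialize_untrusted($objects) === null);               // refused
```

The token filter is a stop-gap for hosts that cannot be patched immediately; the durable fix is the upgrade to 5.4.30 / 5.5.14 (or the vendor's backport) plus never passing untrusted input to unserialize() at all, using JSON or another data-only format for anything that crosses a trust boundary.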
Threat overview for CVE-2014-3515
- Top countries where our scanners detected CVE-2014-3515: (chart)
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2014-3515: 304,987
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2014-3515
- Probability of exploitation activity in the next 30 days: 81.44%
- Percentile (the proportion of vulnerabilities scored at or below this one): ~98%
CVSS scores for CVE-2014-3515
Base Score | Base Severity | CVSS Vector (v2) | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST
References for CVE-2014-3515
- http://marc.info/?l=bugtraq&m=141017844705317&w=2
  [security bulletin] HPSBUX03102 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat o (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html
  openSUSE-SU-2014:1236-1: moderate: several security fixes for php5 (Mailing List; Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2014-1766.html
  RHSA-2014:1766 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://support.apple.com/kb/HT6443
  About the security content of OS X Mavericks v10.9.5 and Security Update 2014-004 - Apple Support (Third Party Advisory)
- http://secunia.com/advisories/60998
  Secunia advisory 60998 (Third Party Advisory)
- https://bugs.php.net/bug.php?id=67492
  PHP :: Sec Bug #67492 :: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/68237
  PHP unserialize() Function Type Confusion Security Vulnerability (Third Party Advisory; VDB Entry)
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
  Oracle Bulletin Board Update - January 2015 (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2014-1765.html
  RHSA-2014:1765 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www.debian.org/security/2014/dsa-2974
  Debian -- Security Information -- DSA-2974-1 php5 (Third Party Advisory)
- http://www.php.net/ChangeLog-5.php
  PHP: PHP 5 ChangeLog (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21683486
  IBM Security Bulletin: Multiple vulnerabilities in PHP 5.2 open source component for IBM Lotus Protector for Mail Security (CVE-2014-3515 CVE-2014-4049 CVE-2014-3981 CVE-2014-0238 CVE-2014-0237, CVE-2 (Third Party Advisory)
- http://git.php.net/?p=php-src.git;a=commit;h=88223c5245e9b470e1e6362bfd96829562ffe6ab
  php-src commit 88223c5245e9b470e1e6362bfd96829562ffe6ab (Exploit; Patch; Vendor Advisory)
Products affected by CVE-2014-3515
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:* (the affected version ranges are those given in the description above)