Vulnerability Details : CVE-2015-6831
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.
Vulnerability category: Memory CorruptionExecute code
Threat overview for CVE-2015-6831
Top countries where our scanners detected CVE-2015-6831
Top open port discovered on systems with this issue
80
IPs affected by CVE-2015-6831 318,940
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2015-6831!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2015-6831
Probability of exploitation activity in the next 30 days: 2.19%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-6831
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
7.3
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
3.9
|
3.4
|
NIST |
CWE ids for CVE-2015-6831
-
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6831
-
http://www.debian.org/security/2015/dsa-3344
Debian -- Security Information -- DSA-3344-1 php5Third Party Advisory
-
https://security.gentoo.org/glsa/201606-10
PHP: Multiple vulnerabilities (GLSA 201606-10) — Gentoo securityThird Party Advisory
-
http://www.securityfocus.com/bid/76737
PHP CVE-2015-6831 Multiple Use After Free Remote Code Execution VulnerabilitiesThird Party Advisory;VDB Entry
-
https://bugs.php.net/bug.php?id=70169
PHP :: Sec Bug #70169 :: Use After Free Vulnerability in unserialize() with SplDoublyLinkedListExploit;Issue Tracking;Vendor Advisory
-
https://bugs.php.net/bug.php?id=70168
PHP :: Sec Bug #70168 :: Use After Free Vulnerability in unserialize() with SplObjectStorageExploit;Issue Tracking;Vendor Advisory
-
https://bugs.php.net/bug.php?id=70155
PHP :: Sec Bug #70155 :: Use After Free Vulnerability in unserialize() with SPLArrayObjectExploit;Issue Tracking;Vendor Advisory
-
https://bugs.php.net/bug.php?id=70166
PHP :: Sec Bug #70166 :: Use After Free Vulnerability in unserialize() with SPLArrayObjectExploit;Issue Tracking;Vendor Advisory
-
http://www.php.net/ChangeLog-5.php
PHP: PHP 5 ChangeLogRelease Notes;Vendor Advisory
-
http://www.openwall.com/lists/oss-security/2015/08/19/3
oss-security - CVE Request: more php unserializing issuesMailing List;Third Party Advisory
Products affected by CVE-2015-6831
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*