Vulnerability Details : CVE-2015-7803
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2015-7803
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*
Threat overview for CVE-2015-7803
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2015-7803: 397,485
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2015-7803
6.65%: Probability of exploitation activity in the next 30 days
~93%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7803
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
References for CVE-2015-7803
- http://git.php.net/?p=php-src.git;a=commit;h=d698f0ae51f67c9cce870b09c59df3d6ba959244
  208.43.231.11 Git - php-src.git/commit
- http://www.debian.org/security/2015/dsa-3380
  Debian -- Security Information -- DSA-3380-1 php5
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html
  openSUSE-SU-2016:0366-1: moderate: Security update for php5
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html
  openSUSE-SU-2016:0251-1: moderate: Security update for php5
- http://www.openwall.com/lists/oss-security/2015/10/05/8
  oss-security - CVE request: issues fixed in PHP 5.6.14 and 5.5.30
- https://security.gentoo.org/glsa/201606-10
  PHP: Multiple vulnerabilities (GLSA 201606-10) — Gentoo security
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720
  The Slackware Linux Project: Slackware Security Advisories
- http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
  Apple - Lists.apple.com
- https://bugs.php.net/bug.php?id=69720
  PHP :: Sec Bug #69720 :: Null pointer dereference in phar_get_fp_offset() (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html
  [security-announce] SUSE-SU-2016:1145-1: important: Security update for
- https://support.apple.com/HT205637
  About the security content of OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks - Apple Support (Vendor Advisory)
- http://www.php.net/ChangeLog-5.php
  PHP: PHP 5 ChangeLog
- http://www.ubuntu.com/usn/USN-2786-1
  USN-2786-1: PHP vulnerabilities | Ubuntu security notices
- http://www.securityfocus.com/bid/76959
  PHP PHAR Multiple Denial of Service Vulnerabilities