NVD

Id
31700  
Name
CVE-2014-3515  
Description
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-07-09  
Modified Date
2017-01-06  
Seq
2014-3515  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
166516 31700 CVE-2014-3515 http://git.php.net/?p=php-src.git;a=commit;h=88223c5245e9b470e1e6362bfd96829562ffe6ab  View
166517 31700 CVE-2014-3515 openSUSE-SU-2014:1236  View
166518 31700 CVE-2014-3515 SSRT101681  View
166519 31700 CVE-2014-3515 RHSA-2014:1765  View
166520 31700 CVE-2014-3515 RHSA-2014:1766  View
166521 31700 CVE-2014-3515 60998  View
166522 31700 CVE-2014-3515 http://support.apple.com/kb/HT6443  View
166523 31700 CVE-2014-3515 http://www-01.ibm.com/support/docview.wss?uid=swg21683486  View
166524 31700 CVE-2014-3515 DSA-2974  View
166525 31700 CVE-2014-3515 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html  View
166526 31700 CVE-2014-3515 http://www.php.net/ChangeLog-5.php  View
166527 31700 CVE-2014-3515 68237  View
166528 31700 CVE-2014-3515 https://bugs.php.net/bug.php?id=67492  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
14417 JVNDB-2014-003292 PHP の SPL コンポーネントにおける任意のコードを実行される脆弱性 PHP の SPL コンポーネントは、非シリアル化後、特定のデータ構造が配列データ型を有するということを誤って予測するため、任意のコードを実行される脆弱性が存在します。 CVE-2014-3515 70803 CVE-2014-3515 31700 7.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003292.html 2014-06-26 2015-03-27 View