CVE-2015-8617 - OpenCVE

Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Php	Php

Configuration 1 [-]

cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*

References

Link	Resource
http://php.net/ChangeLog-7.php	Vendor Advisory
http://www.securitytracker.com/id/1034543
https://bugs.php.net/bug.php?id=71105	Exploit
https://github.com/php/php-src/commit/b101a6bbd4f2181c360bd38e7683df4a03cba83e

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-01-19T02:00:00

Updated: 2017-09-09T09:57:01

Reserved: 2015-12-22T00:00:00

Link: CVE-2015-8617

JSON object: View

NVD Information

Status : Modified

Published: 2016-01-19T05:59:07.560

Modified: 2017-09-10T01:29:04.717

Link: CVE-2015-8617

JSON object: View

Redhat Information

No data.

CWE

CWE-134

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-17T00:00:00", "descriptions": [{"lang": "en", "value": "Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-09T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/php/php-src/commit/b101a6bbd4f2181c360bd38e7683df4a03cba83e"}, {"name": "1034543", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034543"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://php.net/ChangeLog-7.php"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=71105"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8617", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/php/php-src/commit/b101a6bbd4f2181c360bd38e7683df4a03cba83e", "refsource": "CONFIRM", "url": "https://github.com/php/php-src/commit/b101a6bbd4f2181c360bd38e7683df4a03cba83e"}, {"name": "1034543", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034543"}, {"name": "http://php.net/ChangeLog-7.php", "refsource": "CONFIRM", "url": "http://php.net/ChangeLog-7.php"}, {"name": "https://bugs.php.net/bug.php?id=71105", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=71105"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8617", "datePublished": "2016-01-19T02:00:00", "dateReserved": "2015-12-22T00:00:00", "dateUpdated": "2017-09-09T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6B90B947-7B54-47F3-9637-2F4AC44079EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling."}, {"lang": "es", "value": "Vulnerabilidad de formato de cadena en la funci\u00f3n zend_throw_or_error en Zend/zend_execute_API.c en PHP 7.x en versiones anteriores a 7.0.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de especificadores de formato de cadena en una cadena que se utiliza de forma incorrecta como nombre de una clase, conduciendo al manejo de errores incorrecto."}], "id": "CVE-2015-8617", "lastModified": "2017-09-10T01:29:04.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-19T05:59:07.560", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://php.net/ChangeLog-7.php"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034543"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugs.php.net/bug.php?id=71105"}, {"source": "cve@mitre.org", "url": "https://github.com/php/php-src/commit/b101a6bbd4f2181c360bd38e7683df4a03cba83e"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}]}