CVE-2015-3330 — Improper Input Validation in Redhat Enterprise Linux Server

CWE-20 — Improper Input Validation CWE-665 — Improper Initialization10 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

39.0%

top 2.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Php5 Apple MAC OS X PHP +9 more

Timeline

PublishedJun 9

Latest updateMay 13

Description

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages9 packages

▶NVDredhat/enterprise_linux_server7.0

▶Ubuntuphp5/php5< 5.5.9+dfsg-1ubuntu4.9

▶NVDphp/php5.4.39+28

▶NVDapple/mac_os_x10.10.4

▶NVDoracle/linux6, 7+1

Also affects: Enterprise Linux 6.0, 7.0, 7.1

Patches

Patch: php.net ↗Patch: php.net ↗

🔴Vulnerability Details

GHSA

GHSA-2879-hr6w-p3mx: The php_handler function in sapi/apache2handler/sapi_apache2↗2022-05-13

▶

CVEList

CVE-2015-3330: The php_handler function in sapi/apache2handler/sapi_apache2↗2015-06-09

▶

OSV

php5 vulnerabilities↗2015-04-20

▶

OSV

CVE-2015-3330: The php_handler function in sapi/apache2handler/sapi_apache2↗2015-04-20

▶

📋Vendor Advisories

Ubuntu

PHP vulnerabilities↗2015-04-20

▶

Red Hat

php: pipelined request executed in deinitialized interpreter under httpd 2.4↗2015-04-16

▶

Apple

CVE-2015-3330: OS X Yosemite v10.10.5 and Security Update 2015-006↗

▶

Apple

CVE-2015-3330: OS X El Capitan v10.11↗

▶

💬Community

Bugzilla

CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4↗2015-04-20

▶