Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2014-3515
Description:The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
Test IDs: 1.3.6.1.4.1.25623.1.0.702974   1.3.6.1.4.1.25623.1.0.123340  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-3515
BugTraq ID: 68237
http://www.securityfocus.com/bid/68237
Debian Security Information: DSA-2974 (Google Search)
http://www.debian.org/security/2014/dsa-2974
HPdes Security Advisory: HPSBUX03102
http://marc.info/?l=bugtraq&m=141017844705317&w=2
HPdes Security Advisory: SSRT101681
http://marc.info/?l=bugtraq&m=141017844705317&w=2
RedHat Security Advisories: RHSA-2014:1765
http://rhn.redhat.com/errata/RHSA-2014-1765.html
RedHat Security Advisories: RHSA-2014:1766
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://secunia.com/advisories/59794
http://secunia.com/advisories/59831
http://secunia.com/advisories/60998
SuSE Security Announcement: openSUSE-SU-2014:1236 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html




© 1998-2021 E-Soft Inc. All rights reserved.