CVE-2015-3330

Impact:
Important
Public Date:
2015-04-16
CWE:
CWE-665
Bugzilla:
1213394: CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4
A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code.

Find out more about CVE-2015-3330 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue did not affect PHP packages as shipped with Red Hat Enterprise Linux 5 and 6.

CVSS v2 metrics

Base Score 6.8
Base Metrics AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Software Collections for Red Hat Enterprise Linux 7 (rh-php56-php) RHSA-2015:1187 2015-06-25
Red Hat Software Collections for Red Hat Enterprise Linux 7 (php55-php) RHSA-2015:1186 2015-06-25
Red Hat Enterprise Linux 7 (php) RHSA-2015:1135 2015-06-23
Red Hat Software Collections for Red Hat Enterprise Linux 7 (php54-php) RHSA-2015:1066 2015-06-04
Red Hat Software Collections for Red Hat Enterprise Linux 6 (php55-php) RHSA-2015:1186 2015-06-25
Red Hat Software Collections for Red Hat Enterprise Linux 6 (rh-php56-php) RHSA-2015:1187 2015-06-25
Red Hat Software Collections for Red Hat Enterprise Linux 6 (php54-php) RHSA-2015:1066 2015-06-04

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 php Not affected
Red Hat Enterprise Linux 5 php Not affected
Red Hat Enterprise Linux 5 php53 Not affected
Last Modified