QwikSec

Security Database

CVE

CWE

Training

CVE-2016-3185

Published: May 16, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugs.php.net/bug.php?id=71610

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2016:1173

vendor-advisory

x_refsource_SUSE

SUSE-SU-2016:1166

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

http://php.net/ChangeLog-5.php

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=eaf4e77190d402ea014207e9a7d5da1a4f3727ba

x_refsource_CONFIRM

http://php.net/ChangeLog-7.php

x_refsource_CONFIRM

https://bugs.php.net/bug.php?id=70081

x_refsource_CONFIRM

openSUSE-SU-2016:1167

vendor-advisory

x_refsource_SUSE

SUSE-SU-2016:1145

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.