CVE-2016-3185

Published on: 05/16/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:02 PM UTC

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Certain versions of PHP contain the following vulnerability:

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.

  • CVE-2016-3185 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.1 - HIGH

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH

CVSS2 Score: 6.4 - MEDIUM

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

CVE References

  • 208.43.231.11 Git - php-src.git/commit (git.php.net, text/xml)
    CONFIRM: git.php.net/?p=php-src.git;a=commit;h=eaf4e77190d402ea014207e9a7d5da1a4f3727ba
  • [security-announce] SUSE-SU-2016:1145-1: important: Security update for (lists.opensuse.org, text/html)
    SUSE: SUSE-SU-2016:1145
  • PHP :: Sec Bug #71610 :: Type Confusion Vulnerability - SOAP / make_http_soap_request() (bugs.php.net, text/html)
    Tags: Exploit
    CONFIRM: bugs.php.net/bug.php?id=71610
  • PHP 'soap/php_http.c' Type Confusion Remote Denial Of Service Vulnerability (cve.report (archive), text/html)
    BID: 84307
  • USN-2952-2: PHP regression | Ubuntu (www.ubuntu.com, text/html)
    UBUNTU: USN-2952-2
  • PHP :: Sec Bug #70081 :: SoapClient info leak / null pointer dereference via multiple type confusions (bugs.php.net, text/html)
    Tags: Exploit
    CONFIRM: bugs.php.net/bug.php?id=70081
  • PHP: PHP 7 ChangeLog (php.net, text/html)
    CONFIRM: php.net/ChangeLog-7.php
  • [security-announce] SUSE-SU-2016:1166-1: important: Security update for (lists.opensuse.org, text/html)
    SUSE: SUSE-SU-2016:1166
  • USN-2952-1: PHP vulnerabilities | Ubuntu (www.ubuntu.com, text/html)
    UBUNTU: USN-2952-1
  • [security-announce] openSUSE-SU-2016:1173-1: important: Security update (lists.opensuse.org, text/html)
    SUSE: openSUSE-SU-2016:1173
  • PHP: PHP 5 ChangeLog (php.net, text/html)
    CONFIRM: php.net/ChangeLog-5.php
  • [security-announce] openSUSE-SU-2016:1167-1: important: Security update (lists.opensuse.org, text/html)
    SUSE: openSUSE-SU-2016:1167

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Application Php Php 5.5.0 All All All
Application Php Php 5.5.0 alpha1 All All
Application Php Php 5.5.0 alpha2 All All
Application Php Php 5.5.0 alpha3 All All
Application Php Php 5.5.0 alpha4 All All
Application Php Php 5.5.0 alpha5 All All
Application Php Php 5.5.0 alpha6 All All
Application Php Php 5.5.0 beta1 All All
Application Php Php 5.5.0 beta2 All All
Application Php Php 5.5.0 beta3 All All
Application Php Php 5.5.0 beta4 All All
Application Php Php 5.5.0 rc1 All All
Application Php Php 5.5.0 rc2 All All
Application Php Php 5.5.1 All All All
Application Php Php 5.5.10 All All All
Application Php Php 5.5.11 All All All
Application Php Php 5.5.12 All All All
Application Php Php 5.5.13 All All All
Application Php Php 5.5.14 All All All
Application Php Php 5.5.15 All All All
Application Php Php 5.5.16 All All All
Application Php Php 5.5.17 All All All
Application Php Php 5.5.18 All All All
Application Php Php 5.5.19 All All All
Application Php Php 5.5.2 All All All
Application Php Php 5.5.20 All All All
Application Php Php 5.5.21 All All All
Application Php Php 5.5.22 All All All
Application Php Php 5.5.23 All All All
Application Php Php 5.5.24 All All All
Application Php Php 5.5.25 All All All
Application Php Php 5.5.26 All All All
Application Php Php 5.5.27 All All All
Application Php Php 5.5.3 All All All
Application Php Php 5.5.4 All All All
Application Php Php 5.5.5 All All All
Application Php Php 5.5.6 All All All
Application Php Php 5.5.7 All All All
Application Php Php 5.5.8 All All All
Application Php Php 5.5.9 All All All
Application Php Php 5.6.0 alpha1 All All
Application Php Php 5.6.0 alpha2 All All
Application Php Php 5.6.0 alpha3 All All
Application Php Php 5.6.0 alpha4 All All
Application Php Php 5.6.0 alpha5 All All
Application Php Php 5.6.0 beta1 All All
Application Php Php 5.6.0 beta2 All All
Application Php Php 5.6.0 beta3 All All
Application Php Php 5.6.0 beta4 All All
Application Php Php 5.6.1 All All All
Application Php Php 5.6.10 All All All
Application Php Php 5.6.11 All All All
Application Php Php 5.6.2 All All All
Application Php Php 5.6.3 All All All
Application Php Php 5.6.4 All All All
Application Php Php 5.6.5 All All All
Application Php Php 5.6.6 All All All
Application Php Php 5.6.7 All All All
Application Php Php 5.6.8 All All All
Application Php Php 5.6.9 All All All
Application Php Php 7.0.0 All All All
Application Php Php 7.0.1 All All All
Application Php Php 7.0.2 All All All
Application Php Php 7.0.3 All All All
Application Php Php All All All All
  • cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.21:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.22:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.23:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.24:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.25:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.26:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.27:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:php:php:*:*:*:*:*:*:*:*: