Vulnerability details: VCID-a95k-47kr-aaaa
Vulnerability ID VCID-a95k-47kr-aaaa
Aliases CVE-2016-4070
Summary ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not)."
Status Disputed
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
generic_textual Medium http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
ssvc Track http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4070.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2016-2750.html
rhas Moderate https://access.redhat.com/errata/RHSA-2016:2750
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4070.json
epss 0.05381 https://api.first.org/data/v1/epss?cve=CVE-2016-4070
epss 0.0539 https://api.first.org/data/v1/epss?cve=CVE-2016-4070
epss 0.07712 https://api.first.org/data/v1/epss?cve=CVE-2016-4070
epss 0.11172 https://api.first.org/data/v1/epss?cve=CVE-2016-4070
epss 0.24230 https://api.first.org/data/v1/epss?cve=CVE-2016-4070
epss 0.30739 https://api.first.org/data/v1/epss?cve=CVE-2016-4070
ssvc Track https://bugs.php.net/bug.php?id=71798
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1323114
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4070
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4071
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4072
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4073
cvssv2 2.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=95433e8e339dbb6b5d5541473c1661db6ba2c451
ssvc Track https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
cvssv3.1 8.1 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
generic_textual HIGH https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
ssvc Track https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
cvssv3.1 8.1 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
generic_textual HIGH https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
ssvc Track https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2016-4070
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-4070
generic_textual Medium https://support.apple.com/HT206567
ssvc Track https://support.apple.com/HT206567
generic_textual Medium https://ubuntu.com/security/notices/USN-2952-1
generic_textual Low https://ubuntu.com/security/notices/USN-2984-1
ssvc Track http://www.debian.org/security/2016/dsa-3560
generic_textual Medium http://www.openwall.com/lists/oss-security/2016/04/11/7
ssvc Track http://www.openwall.com/lists/oss-security/2016/04/24/1
generic_textual Low http://www.php.net/ChangeLog-5.php
ssvc Track http://www.php.net/ChangeLog-5.php
ssvc Track http://www.php.net/ChangeLog-7.php
ssvc Track http://www.securityfocus.com/bid/85801
ssvc Track http://www.ubuntu.com/usn/USN-2952-1
ssvc Track http://www.ubuntu.com/usn/USN-2952-2
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4070.html
http://rhn.redhat.com/errata/RHSA-2016-2750.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4070.json
https://api.first.org/data/v1/epss?cve=CVE-2016-4070
https://bugs.php.net/bug.php?id=71798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4073
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=95433e8e339dbb6b5d5541473c1661db6ba2c451
https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://support.apple.com/HT206567
https://ubuntu.com/security/notices/USN-2952-1
https://ubuntu.com/security/notices/USN-2984-1
http://www.debian.org/security/2016/dsa-3560
http://www.openwall.com/lists/oss-security/2016/04/11/7
http://www.openwall.com/lists/oss-security/2016/04/24/1
http://www.php.net/ChangeLog-5.php
http://www.php.net/ChangeLog-7.php
http://www.securityfocus.com/bid/85801
http://www.ubuntu.com/usn/USN-2952-1
http://www.ubuntu.com/usn/USN-2952-2
1323114 https://bugzilla.redhat.com/show_bug.cgi?id=1323114
835032 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835032
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.14:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.15:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.16:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.17:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.18:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.19:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*
CVE-2016-4070 https://nvd.nist.gov/vuln/detail/CVE-2016-4070
RHSA-2016:2750 https://access.redhat.com/errata/RHSA-2016:2750
USN-2984-1 https://usn.ubuntu.com/2984-1/
No exploits are available.

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at http://lists.apple.com/archives/security-announce/2016/May/msg00004.html

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at http://rhn.redhat.com/errata/RHSA-2016-2750.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4070.json

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at https://bugs.php.net/bug.php?id=71798
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml


Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=95433e8e339dbb6b5d5541473c1661db6ba2c451

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149


Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722


Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2016-4070

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-4070


Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at https://support.apple.com/HT206567

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at http://www.debian.org/security/2016/dsa-3560

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at http://www.openwall.com/lists/oss-security/2016/04/24/1

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at http://www.php.net/ChangeLog-5.php

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at http://www.php.net/ChangeLog-7.php

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at http://www.securityfocus.com/bid/85801

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at http://www.ubuntu.com/usn/USN-2952-1

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-18T16:23:36Z/ Found at http://www.ubuntu.com/usn/USN-2952-2
Exploit Prediction Scoring System (EPSS)
Percentile 0.89143
EPSS Score 0.05381
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-09-21T22:51:22.483140+00:00 NVD CVE Status Improver Improve https://cveawg.mitre.org/api/cve/CVE-2016-4070 34.0.1