Search for vulnerabilities
Vulnerability details: VCID-ga1y-kh3b-aaan
Vulnerability ID VCID-ga1y-kh3b-aaan
Aliases CVE-2015-7804
Summary CVE-2015-7804 php: uninitialized pointer in phar_make_dirstream()
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-189 Numeric Errors
CWE-822 Untrusted Pointer Dereference
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7804.html
rhas Moderate https://access.redhat.com/errata/RHSA-2016:0457
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.04843 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.04843 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.04843 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.04843 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.04843 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.04843 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.04843 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.04843 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.04843 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.04843 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.04843 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.06597 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.12329 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.12329 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.12329 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.12329 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.12329 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.12329 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.12329 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.12329 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.12329 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.12329 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.12329 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.12329 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.12329 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.12329 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.12329 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.12329 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.15126 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.15126 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.15126 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.15126 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.15126 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.21007 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
epss 0.24979 https://api.first.org/data/v1/epss?cve=CVE-2015-7804
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1271088
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2015-7804
generic_textual Low https://ubuntu.com/security/notices/USN-2786-1
generic_textual Low http://www.php.net/ChangeLog-5.php
Reference id Reference type URL
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1ddf72180a52d247db88ea42a3e35f824a8fbda1
http://git.php.net/?p=php-src.git;a=commit;h=1ddf72180a52d247db88ea42a3e35f824a8fbda1
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7804.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7804.json
https://api.first.org/data/v1/epss?cve=CVE-2015-7804
https://bugs.php.net/bug.php?id=70433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804
https://security.gentoo.org/glsa/201606-10
https://support.apple.com/HT205637
https://ubuntu.com/security/notices/USN-2786-1
http://www.debian.org/security/2015/dsa-3380
http://www.openwall.com/lists/oss-security/2015/10/05/8
http://www.php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/76959
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720
http://www.ubuntu.com/usn/USN-2786-1
1271088 https://bugzilla.redhat.com/show_bug.cgi?id=1271088
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
CVE-2015-7804 https://nvd.nist.gov/vuln/detail/CVE-2015-7804
RHSA-2016:0457 https://access.redhat.com/errata/RHSA-2016:0457
USN-2786-1 https://usn.ubuntu.com/2786-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2015-7804
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.92115
EPSS Score 0.04177
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.