Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-k2u2-ddnx-zya3
Vulnerability ID VCID-k2u2-ddnx-zya3
Aliases CVE-2015-6835
Summary php: use-after-free vulnerability in session deserializer
Status Published
Exploitability 2.0
Weighted Severity 0.2
Risk 0.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
epss 0.226 https://api.first.org/data/v1/epss?cve=CVE-2015-6835
epss 0.226 https://api.first.org/data/v1/epss?cve=CVE-2015-6835
epss 0.226 https://api.first.org/data/v1/epss?cve=CVE-2015-6835
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6835.json
https://api.first.org/data/v1/epss?cve=CVE-2015-6835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6838
1260647 https://bugzilla.redhat.com/show_bug.cgi?id=1260647
CVE-2015-6835;OSVDB-126962 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/38123.txt
GLSA-201606-10 https://security.gentoo.org/glsa/201606-10
RHSA-2016:0457 https://access.redhat.com/errata/RHSA-2016:0457
USN-2758-1 https://usn.ubuntu.com/2758-1/
Data source Exploit-DB
Date added Sept. 9, 2015
Description PHP Session Deserializer - Use-After-Free
Ransomware campaign use Known
Source publication date Sept. 9, 2015
Exploit type dos
Platform php
Source update date Sept. 9, 2015
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.95955
EPSS Score 0.226
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T18:13:00.276034+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6835.json 38.6.0