CVE-2014-4670

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-4670
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.

4.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://bugs.php.net/bug.php?id=67538
http://secunia.com/advisories/59831
http://www.debian.org/security/2014/dsa-3008
http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html
http://rhn.redhat.com/errata/RHSA-2014-1327.html
http://rhn.redhat.com/errata/RHSA-2014-1326.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html
https://support.apple.com/HT204659
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www-01.ibm.com/support/docview.wss?uid=swg21683486
http://secunia.com/advisories/60696
http://secunia.com/advisories/54553
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*
Information

Published : 2014-07-10 04:06

Updated : 2017-01-06 19:00

NVD link : CVE-2014-4670

Mitre link : CVE-2014-4670

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

php

  • php