Description
The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.
Remediation
References
Related Vulnerabilities
PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-3078)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-0057)
Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.5)
Roundcube Unspesificed Vulnerability (CVE-2019-10740)
WordPress Plugin BP Profile Search PHP Object Injection (4.5.3)