Description

Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.

Remediation

References

CVE-2016-7478

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4360)

WordPress Plugin Fast Secure Contact Form 'index.php' Cross-Site Scripting (3.0.3.1)

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.17)

Apache Traffic Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9517)

WordPress Direct Request ('Forced Browsing') Vulnerability (CVE-2005-1688)

Severity

High

Classification

CVE-2016-7478 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities