Description
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6332)
WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.33)
WordPress Plugin WP-Spreadplugin Cross-Site Scripting (3.8.6)
Ruby Improper Authentication Vulnerability (CVE-2007-5162)
Internet Information Services Other Vulnerability (CVE-2001-0333)