Description

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.

Remediation

References

CVE-2016-9138

Related Vulnerabilities

OpenSSL Cryptographic Issues Vulnerability (CVE-2014-3568)

WordPress Plugin Computer Repair Shop Cross-Site Scripting (1.0)

WordPress Plugin VikBooking Hotel Booking Engine & PMS Cross-Site Scripting (1.5.8)

WordPress Plugin WP Reactions Lite Cross-Site Scripting (1.3.5)

Joomla! Core Security Bypass (1.5.0 - 3.8.12)

Severity

Critical

Classification

CVE-2016-9138 CWE-416 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities