oss-sec mailing list archives
CVE Request: PHP SoapClient's __call() type confusion through unserialize()
From: Andrea Palazzo <andrea.palazzo () truel it>
Date: Fri, 20 Mar 2015 20:35:59 +0100
Hi everyone, I'd like to request a CVE for the PHP Sec Bug #69085. Description:SoapClient's __call() method is prone to a type confusion vulnerability which can be used to gain remote code execution through unsafe unserialize() calls.
Info: https://bugs.php.net/bug.php?id=69085 Thank you, best regards, Andrea
Current thread:
- CVE Request: PHP SoapClient's __call() type confusion through unserialize() Andrea Palazzo (Mar 20)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Moritz Muehlenhoff (Mar 20)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tomas Hoger (Mar 30)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tyler Hicks (Mar 30)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Lior Kaplan (Mar 30)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tyler Hicks (Mar 30)