oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize()

From: Tomas Hoger <thoger () redhat com>
Date: Thu, 9 Apr 2015 10:45:47 +0200
On Fri, 20 Mar 2015 20:35:59 +0100 Andrea Palazzo wrote:


Hi everyone,
I'd like to request a CVE for the PHP Sec Bug #69085.

Description:
SoapClient's __call() method is prone to a type confusion
vulnerability which can be used to gain remote code execution through
unsafe unserialize() calls.

Info:
https://bugs.php.net/bug.php?id=69085


Re-sending with cve-assign@ CC.

-- 
Tomas Hoger / Red Hat Product Security
Previous By Date Next
Previous By Thread Next

Current thread: