Description

main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.

Remediation

References

CVE-2015-8878

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Product Add-Ons Cross-Site Scripting (2.2.2)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-2610)

WordPress Plugin WolfNet IDX for WordPress Multiple Unspecified Vulnerabilities (1.14.7)

Apache Tomcat CVE-2016-6794 Vulnerability (CVE-2016-6794)

WordPress Plugin WP Mailto Links-Manage Email Links Cross-Site Scripting (2.0.1)

Severity

Medium

Classification

CVE-2015-8878 CWE-362 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities