Description

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."

Remediation

References

CVE-2015-3330

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-5432)

MySQL CVE-2019-2785 Vulnerability (CVE-2019-2785)

WordPress Plugin ECPay Logistics for WooCommerce Cross-Site Scripting (1.2.181030)

Jenkins Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2020-2105)

MySQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4097)

Severity

Medium

Classification

CVE-2015-3330 CWE-20

Tags

Missing Update Known Vulnerabilities