Description
The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form 7 Style Cross-Site Request Forgery (3.2)
WordPress Plugin Appointment Hour Booking-WordPress Booking Cross-Site Scripting (1.3.16)
Apache HTTP Server Numeric Errors Vulnerability (CVE-2003-1580)
Moodle Other Vulnerability (CVE-2005-3648)
WordPress Plugin Kanzu Support Desk-WordPress Helpdesk Remote Code Execution (2.4.6)