Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2015-9253

Good to know:

icon
icon

Date: February 19, 2018

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.

Language: C

Severity Score

Related Resources (10)

https://www.futureweb.at/security/CVE-2015-9253/
https://github.com/php/php-src/blob/PHP-7.1.20/NEWS#L20-L22
https://usn.ubuntu.com/3766-1/
https://bugs.php.net/bug.php?id=73342https://github.com/php/php-src/pull/3287
https://bugs.php.net/bug.php?id=75968
https://github.com/php/php-src/commit/69dee5c732fe982c82edb17d0dbc3e79a47748d8
https://usn.ubuntu.com/4279-1/
https://bugs.php.net/bug.php?id=70185
https://nvd.nist.gov/vuln/detail/CVE-2015-9253
https://www.mend.io/vulnerability-database/CVE-2015-9253

Severity Score

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

icon

Upgrade Version

Upgrade to version php-fpm - 7.2.3-2;php-fpm - 7.2.8-1;php71-fpm - no_fix

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): SINGLE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us