'Re: [oss-security] CVE Request: PHP SoapClient's __call() type confusion through unserialize()'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request: PHP SoapClient's __call() type confusion through unserialize()
From:       Tomas Hoger <thoger () redhat ! com>
Date:       2015-04-09 8:45:47
Message-ID: 20150409104547.265bcb6b () redhat ! com
[Download RAW message or body]

On Fri, 20 Mar 2015 20:35:59 +0100 Andrea Palazzo wrote:

> Hi everyone,
> I'd like to request a CVE for the PHP Sec Bug #69085.
> 
> Description:
> SoapClient's __call() method is prone to a type confusion
> vulnerability which can be used to gain remote code execution through
> unsafe unserialize() calls.
> 
> Info:
> https://bugs.php.net/bug.php?id=69085

Re-sending with cve-assign@ CC.

-- 
Tomas Hoger / Red Hat Product Security
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic