CVE-2016-4473

EUVD-2016-5460
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code.  NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
phpphp
5.6.0:alpha1
phpphp
5.6.0:alpha2
phpphp
5.6.0:alpha3
phpphp
5.6.0:alpha4
phpphp
5.6.0:alpha5
phpphp
5.6.0:beta1
phpphp
5.6.0:beta2
phpphp
5.6.0:beta3
phpphp
5.6.0:beta4
phpphp
5.6.1
phpphp
5.6.2
phpphp
5.6.3
phpphp
5.6.4
phpphp
5.6.5
phpphp
5.6.6
phpphp
5.6.7
phpphp
5.6.8
phpphp
5.6.9
phpphp
5.6.10
phpphp
5.6.11
phpphp
5.6.12
phpphp
5.6.13
phpphp
5.6.14
phpphp
5.6.15
phpphp
5.6.16
phpphp
5.6.17
phpphp
5.6.18
phpphp
5.6.19
phpphp
5.6.20
phpphp
5.6.21
phpphp
5.6.22
phpphp
7.0.7
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
precise
not-affected
trusty
not-affected
xenial
dne
php7.0
precise
dne
trusty
dne
xenial
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00007.html
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.securityfocus.com/bid/98999
https://bugzilla.redhat.com/show_bug.cgi?id=1347772
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00007.html
http://rhn.redhat.com/errata/RHSA-2016-2750.html
http://www.securityfocus.com/bid/98999
https://bugzilla.redhat.com/show_bug.cgi?id=1347772