Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2015-9253 |
CWE-ID | CWE-400 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software Subscribe |
php7 (Alpine package) Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU10880
Risk: Low
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2015-9253
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the php-fpm master process due to improper processing of crafted PHP scripts. A remote attacker can send a specially crafted PHP script, trigger the php-fpm master process to restart a child process and cause the php-fpm master process the php-fpm master process to consume all available CPU resources and excessive amounts of disk space that results in denial of service.
Install update from vendor's website.
Vulnerable software versionsphp7 (Alpine package): 7.0.7-r0 - 7.2.7-r0
External linkshttp://git.alpinelinux.org/aports/commit/?id=583c0d55e9e7208425dd53eb1739a7010b6b0dbc
http://git.alpinelinux.org/aports/commit/?id=7c1daf27a04307093cef0fcb3f1c5ab4bb68eee1
http://git.alpinelinux.org/aports/commit/?id=797bba4604043977849b0c0cf0b2ef7b21b1ea8c
http://git.alpinelinux.org/aports/commit/?id=38460e57f1f299ba2454aa7869c699f1ab333ca1
http://git.alpinelinux.org/aports/commit/?id=e926d392a07679544bce3f4b6c80437ce08b92b5
http://git.alpinelinux.org/aports/commit/?id=736eba37f03f8a66f0c893cd64eb88e4bf229119
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.