What is CVE-2015-4024?

CVE-2015-4024 is a vulnerability in Apple Mac_os_x, classified under CWE-399. Published 2015-06-09.

Is CVE-2015-4024 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apple Mac_os_x

CVE-2015-4024

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via cr…

EPSS: 0.696 (98.7th percentile) — read the EPSS interpretation.

Affected products

Apple Mac_os_x
Hp System_management_homepage
Oracle Linux — versions 6, 7
Oracle Solaris — versions 11.2
Php — versions 5.4.39, 5.5.0, 5.5.1
Redhat Enterprise_linux — versions 6.0, 7.0
Redhat Enterprise_linux_desktop — versions 7.0
Redhat Enterprise_linux_hpc_node — versions 7.0
Redhat Enterprise_linux_hpc_node_eus — versions 7.1
Redhat Enterprise_linux_server — versions 7.0

Weakness classification (CWE)

CWE-399

Public proof-of-concept exploits

References

RHSA-2015:1187 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
RHSA-2015:1186 (x_refsource_REDHAT, vendor-advisory)
74903 (vdb-entry, x_refsource_BID)
1032432 (vdb-entry, x_refsource_SECTRACK)
RHSA-2015:1219 (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
openSUSE-SU-2015:0993 (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM, Exploit, Patch)
cve@mitre.org (x_refsource_CONFIRM, Patch)

Frequently asked questions

What is CVE-2015-4024?: CVE-2015-4024 is a vulnerability in Apple Mac_os_x, classified under CWE-399. Published 2015-06-09.
Is CVE-2015-4024 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.