CVE-2015-4148

Name: CVE-2015-4148
Creator: NVD / NIST
Published: 2015-06-09T18:59:10.487+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 18.93%

Last modified Jun 17, 2026

CVE-2015-4148 is a vulnerability of currently unknown severity. The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.. EPSS estimates a 18.93% chance of exploitation in the next 30 days.

Description

The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.

Metrics

EPSS Probability

18.93%

96.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions	Update
Apple	Mac Os X	<= 10.10.4	—
Redhat	Enterprise Linux Desktop	7.0	—
Redhat	Enterprise Linux Hpc Node	7.0	—
Redhat	Enterprise Linux Hpc Node Eus	7.1	—
Redhat	Enterprise Linux Server	7.0	—
Redhat	Enterprise Linux Server Eus	7.1	—
Redhat	Enterprise Linux Workstation	7.0	—
Php	Php	<= 5.4.38	—
Php	Php	5.5.0	—
Php	Php	5.5.1	—
Php	Php	5.5.2	—
Php	Php	5.5.3	—
Php	Php	5.5.4	—
Php	Php	5.5.5	—
Php	Php	5.5.6	—
Php	Php	5.5.7	—
Php	Php	5.5.8	—
Php	Php	5.5.9	—
Php	Php	5.5.10	—
Php	Php	5.5.11	—
Php	Php	5.5.12	—
Php	Php	5.5.13	—
Php	Php	5.5.14	—
Php	Php	5.5.18	—
Php	Php	5.5.19	—
Php	Php	5.5.20	—
Php	Php	5.5.21	—
Php	Php	5.5.22	—
Php	Php	5.6.0	Alpha1
Php	Php	5.6.2	—
Php	Php	5.6.3	—
Php	Php	5.6.4	—
Php	Php	5.6.5	—
Php	Php	5.6.6	—

References

Timeline

Published: Jun 9, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-4148?

How severe is CVE-2015-4148?

Severity scoring for CVE-2015-4148 is pending analysis. The EPSS model estimates a 18.93% probability of exploitation in the next 30 days.

How do I fix CVE-2015-4148?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-4148?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST