CVE-2015-2171

CVE-2015-2171

Name

CVE-2015-2171

Description

Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	http://www.slimframework.com/2015/03/01/version-260.html
FULLDISC	http://seclists.org/fulldisclosure/2015/Mar/16
CONFIRM	https://github.com/slimphp/Slim/issues/1034
BID	http://www.securityfocus.com/bid/70087

Type

URI

Vendor Advisory

http://www.slimframework.com/2015/03/01/version-260.html

FULLDISC

http://seclists.org/fulldisclosure/2015/Mar/16

CONFIRM

https://github.com/slimphp/Slim/issues/1034

BID

http://www.securityfocus.com/bid/70087

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:slimframework:slim::::::::`	slim	>= None	<= 2.5.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:slimframework:slim:*:*:*:*:*:*:*:*

slim

>= None

<= 2.5.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
slim	3.14-community	1.3.6-r11	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
slim	3.15-community	1.3.6-r11	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
slim	3.16-community	1.3.6-r12	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
slim	3.17-community	1.3.6-r12	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
slim	edge-community	1.4.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
slim	3.18-community	1.4.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

slim

3.14-community

1.3.6-r11

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

slim

3.15-community