CVE-2015-4599

The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a type confusion issue.

Affected Software

Name	Vendor	Start Version	End Version
Php	Php	*	5.4.39 (including)
Php	Php	5.5.0 (including)	5.5.0 (including)
Php	Php	5.5.1 (including)	5.5.1 (including)
Php	Php	5.5.2 (including)	5.5.2 (including)
Php	Php	5.5.3 (including)	5.5.3 (including)
Php	Php	5.5.4 (including)	5.5.4 (including)
Php	Php	5.5.5 (including)	5.5.5 (including)
Php	Php	5.5.6 (including)	5.5.6 (including)
Php	Php	5.5.7 (including)	5.5.7 (including)
Php	Php	5.5.8 (including)	5.5.8 (including)
Php	Php	5.5.9 (including)	5.5.9 (including)
Php	Php	5.5.10 (including)	5.5.10 (including)
Php	Php	5.5.11 (including)	5.5.11 (including)
Php	Php	5.5.12 (including)	5.5.12 (including)
Php	Php	5.5.13 (including)	5.5.13 (including)
Php	Php	5.5.14 (including)	5.5.14 (including)
Php	Php	5.5.15 (including)	5.5.15 (including)
Php	Php	5.5.16 (including)	5.5.16 (including)
Php	Php	5.5.17 (including)	5.5.17 (including)
Php	Php	5.5.18 (including)	5.5.18 (including)
Php	Php	5.5.19 (including)	5.5.19 (including)
Php	Php	5.5.20 (including)	5.5.20 (including)
Php	Php	5.5.21 (including)	5.5.21 (including)
Php	Php	5.5.22 (including)	5.5.22 (including)
Php	Php	5.5.23 (including)	5.5.23 (including)
Php	Php	5.6.0 (including)	5.6.0 (including)
Php	Php	5.6.1 (including)	5.6.1 (including)
Php	Php	5.6.2 (including)	5.6.2 (including)
Php	Php	5.6.3 (including)	5.6.3 (including)
Php	Php	5.6.4 (including)	5.6.4 (including)
Php	Php	5.6.5 (including)	5.6.5 (including)
Php	Php	5.6.6 (including)	5.6.6 (including)
Php	Php	5.6.7 (including)	5.6.7 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-4599
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References