The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.
History

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.03152}

epss

{'score': 0.01712}


cve-icon MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2016-05-16T10:00:00

Updated: 2024-08-05T23:47:58.047Z

Reserved: 2016-03-15T00:00:00

Link: CVE-2016-3185

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2016-05-16T10:59:27.677

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-3185

cve-icon Redhat

Severity : Moderate

Publid Date: 2016-02-16T00:00:00Z

Links: CVE-2016-3185 - Bugzilla