CVE-2015-5721 - Vulnerability in MISP (Malware Information Sharing Platform) - potential PHP Object injection vulnerability

CVE-2015-5721 - Vulnerability in MISP (Malware Information Sharing Platform) - potential PHP Object injection vulnerability

  1. Incorrect validation of temporary filenames
  2. Fixes
  3. CVE
  4. Acknowledgement
  5. Classification of this document
  6. Revision

You can report incidents via our official contact including e-mail, phone or use the Anonymous reporting form.

Search


CIRCL is accredited TI CIRCL is a FIRST member CIRCL is an OASIS member

Incorrect validation of temporary filenames

A bug in MISP Malware Information Sharing Platform introduces a potential PHP Object injection vulnerability from a user input.

Fixes

MISP versions below 2.3.90 are vulnerable. This vulnerability is fixed in version 2.3.90.

CVE

CVE-2015-5721

Acknowledgement

CIRCL would like to thank the reporter (Davy Stoffel from Conostix) for his security review.

Classification of this document

TLP:WHITE information may be distributed without restriction, subject to copyright controls.

Revision

  • Version 1.0 - TLP:WHITE - First version (20150804)