{"vulnerability": "CVE-2015-8835", "sightings": [{"uuid": "a3576229-90d9-4fde-9592-c0c6774ab921", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-8835", "type": "seen", "source": "https://t.me/arpsyndicate/646", "content": "#ExploitObserverAlert\n\nCVE-2015-8835\n\nDESCRIPTION: Exploit Observer has 11 entries related to CVE-2015-8835. The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.\n\nFIRST-EPSS: 0.101390000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-28T13:38:13.000000Z"}]}