CVE-2015-8617
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.
We have discovered 2,118,713 live websites that are affected by CVE-2015-8617.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 2,118,713 live websites (24.28% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 249 versions ( 45.52% of all versions) |
Details
- Published - Jan 19, 2016
- Updated - Aug 6, 2024
CVE References
CVE-2015-8617 usage by Country
 United States | 526,723 websites |
 Russia | 238,107 websites |
 France | 159,169 websites |
 Germany | 150,036 websites |
 Japan | 125,637 websites |
 Taiwan | 113,278 websites |
 Netherlands | 85,672 websites |
 China | 75,111 websites |
 GB | 43,982 websites |
 Poland | 37,409 websites |
CVE-2015-8617 usage by TLD
| .com | 897,083 websites |
| .ru | 204,079 websites |
| .de | 92,296 websites |
| .net | 78,192 websites |
| .nl | 57,873 websites |
| .fr | 57,620 websites |
| .org | 56,843 websites |
| .jp | 33,546 websites |
| .pl | 31,294 websites |
| .co.uk | 30,911 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2015-8617
Top websites that are affected by CVE-2015-8617. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.org | China | *** | |
| *****.***********.com |  Canada | *** | |
| **********.com | United States | *** | |
| **********.com | United States | *** | |
| ************.***.ar |  Argentina | *,*** | |
| *****.ru | Russia | *,*** | |
| ********.*********.com |  Singapore | *,*** | |
| ******************.com | United States | *,*** | |
| ***.org | United States | *,*** | |
| *********.******.net | United States | *,*** |
FAQ
A total of 2,118,713 websites have been identified as vulnerable to CVE-2015-8617, discovered through global website indexing conducted by WebTechSurvey.
PHP is susceptible to CVE-2015-8617 vulnerability.
PHP versions before 7.0.1 are vulnerable to CVE-2015-8617.
Version 7.0.1 of PHP addresses the CVE-2015-8617 security vulnerability.