UBUNTU-CVE-2015-10141

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2015-10141
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-10141.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-10141
Upstream
Published
2025-07-23T14:15:00Z
Modified
2026-05-20T16:03:09.073881844Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker can send a crafted eval command over this interface to execute arbitrary PHP code, which may invoke system-level functions such as system() or passthru(). This results in full compromise of the host under the privileges of the web server user.

References

Affected packages

Ubuntu:16.04:LTS
xdebug

Package

Name
xdebug
Purl
pkg:deb/ubuntu/xdebug?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.3.3-1ubuntu1
2.3.3-2
2.3.3-3
2.4.0~rc3-1
2.4.0~rc4-1
2.4.0~rc4-1ubuntu1
2.4.0-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "php-xdebug",
            "binary_version": "2.4.0-1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-10141.json"
Ubuntu:18.04:LTS
xdebug

Package

Name
xdebug
Purl
pkg:deb/ubuntu/xdebug?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.5.5-3
2.6.0-0ubuntu1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "php-xdebug",
            "binary_version": "2.6.0-0ubuntu1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-10141.json"
Ubuntu:20.04:LTS
xdebug

Package

Name
xdebug
Purl
pkg:deb/ubuntu/xdebug?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.7.2+2.5.5-1build1
2.9.2+2.8.1+2.5.5-1
2.9.2+2.8.1+2.5.5-1build1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "php-xdebug",
            "binary_version": "2.9.2+2.8.1+2.5.5-1build1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-10141.json"
Ubuntu:22.04:LTS
xdebug

Package

Name
xdebug
Purl
pkg:deb/ubuntu/xdebug?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*
3.0.3+2.9.8+2.8.1+2.5.5-0+deb11u1build1
3.0.3+2.9.8+2.8.1+2.5.5-0+deb11u1build2
3.1.1+2.9.8+2.8.1+2.5.5-3
3.1.2+2.9.8+2.8.1+2.5.5-3
3.1.2+2.9.8+2.8.1+2.5.5-4

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "php-xdebug",
            "binary_version": "3.1.2+2.9.8+2.8.1+2.5.5-4"
        },
        {
            "binary_name": "php8.1-xdebug",
            "binary_version": "3.1.2+2.9.8+2.8.1+2.5.5-4"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-10141.json"
Ubuntu:24.04:LTS
xdebug

Package

Name
xdebug
Purl
pkg:deb/ubuntu/xdebug?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*
3.2.0+3.1.6+2.9.8+2.8.1+2.5.5-3build1
3.2.0+3.1.6+2.9.8+2.8.1+2.5.5-3ubuntu1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "php-xdebug",
            "binary_version": "3.2.0+3.1.6+2.9.8+2.8.1+2.5.5-3ubuntu1"
        },
        {
            "binary_name": "php8.3-xdebug",
            "binary_version": "3.2.0+3.1.6+2.9.8+2.8.1+2.5.5-3ubuntu1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-10141.json"
Ubuntu:25.10
xdebug

Package

Name
xdebug
Purl
pkg:deb/ubuntu/xdebug?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*
3.4.2-1
3.4.3-1
3.4.5-1
3.4.5-2
3.4.5-3

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "php-xdebug",
            "binary_version": "3.4.5-3"
        },
        {
            "binary_name": "php8.4-xdebug",
            "binary_version": "3.4.5-3"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-10141.json"
Ubuntu:26.04:LTS
xdebug

Package

Name
xdebug
Purl
pkg:deb/ubuntu/xdebug?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*
3.4.5-3
3.5.0-0ubuntu3

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "php-xdebug",
            "binary_version": "3.5.0-0ubuntu3"
        },
        {
            "binary_name": "php8.5-xdebug",
            "binary_version": "3.5.0-0ubuntu3"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-10141.json"