CVE-2015-5161
Published: Aug 25, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The Zend_Xml_Security::scan method in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- FEDORA-2015-13488 (vendor-advisory, x_refsource_FEDORA)
- http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt (x_refsource_MISC)
- 76177 (vdb-entry, x_refsource_BID)
- FEDORA-2015-13529 (vendor-advisory, x_refsource_FEDORA)
- 37765 (exploit, x_refsource_EXPLOIT-DB)
- FEDORA-2015-13314 (vendor-advisory, x_refsource_FEDORA)
- DSA-3340 (vendor-advisory, x_refsource_DEBIAN)
- http://framework.zend.com/security/advisory/ZF2015-06 (x_refsource_CONFIRM)
- 20150813 Zend Framework <= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM (mailing-list, x_refsource_FULLDISC)