CVE-2015-8866

Published: 22 May 2016
Source: debian
EPSS: Low

Description

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.

Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| php5 | fixed | 5.6.6+dfsg-1 | | package |

Notes

  • https://bugs.php.net/bug.php?id=64938

  • https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817

  • http://framework.zend.com/security/advisory/ZF2015-06 -> Relation to CVE-2015-5161

  • https://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9

  • Fixed in 5.6.6, 5.5.22

  • https://www.openwall.com/lists/oss-security/2016/04/21/8

EPSS

Percentile: 91%
0.0657
Low

Related vulnerabilities

CVSS3: 9.6
ubuntu
about 9 years ago

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.

CVSS3: 3.7
redhat
about 9 years ago

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.

CVSS3: 9.6
nvd
about 9 years ago

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.

CVSS3: 9.6
github
about 3 years ago

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.

fstec
about 9 years ago

PHP interpreter vulnerability allowing an attacker to conduct XXE and XXL attacks
