Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-8866

Опубликовано: 21 апр. 2016
Источник: redhat
CVSS3: 3.7
CVSS2: 4.3

Описание

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5phpWill not fix
Red Hat Enterprise Linux 5php53Will not fix
Red Hat Enterprise Linux 6phpWill not fix
Red Hat Enterprise Linux 7phpWill not fix
Red Hat Software Collectionsphp54-phpWill not fix
Red Hat Software Collectionsphp55-phpWill not fix
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-php56FixedRHSA-2016:275015.11.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-php56-phpFixedRHSA-2016:275015.11.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-php56-php-pearFixedRHSA-2016:275015.11.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUSrh-php56FixedRHSA-2016:275015.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1330418php: libxml_disable_entity_loader setting is shared between threads

3.7 Low

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-8866

CVSS3: 9.6
ubuntu
около 9 лет назад

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.

nvd логотип

CVE-2015-8866

CVSS3: 9.6
nvd
около 9 лет назад

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.

debian логотип

CVE-2015-8866

CVSS3: 9.6
debian
около 9 лет назад

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when ...

github логотип

GHSA-x5qj-644j-7xc7

CVSS3: 9.6
github
около 3 лет назад

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.

fstec логотип

BDU:2016-01475

fstec
около 9 лет назад

Уязвимость интерпретатора PHP, позволяющая нарушителю провести XXE- и XXL-атаки

3.7 Low

CVSS3

4.3 Medium

CVSS2