ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
20 Jul 2022, 16:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_module_for_web_scripting:12:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* |
|
CWE | CWE-611 | |
References | (CONFIRM) http://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9 - Broken Link, Vendor Advisory | |
References | (CONFIRM) https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817 - Issue Tracking, Patch, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2016/04/24/1 - Mailing List, Patch, Third Party Advisory | |
References | (CONFIRM) https://bugs.php.net/bug.php?id=64938 - Exploit, Issue Tracking, Patch, Vendor Advisory | |
References | (CONFIRM) http://www.php.net/ChangeLog-5.php - Release Notes, Vendor Advisory |
Information
Published : 2016-05-22 01:59
Updated : 2024-02-04 18:53
NVD link : CVE-2015-8866
Mitre link : CVE-2015-8866
CVE.ORG link : CVE-2015-8866
JSON object : View
Products Affected
suse
- linux_enterprise_module_for_web_scripting
- linux_enterprise_software_development_kit
opensuse
- opensuse
- leap
canonical
- ubuntu_linux
php
- php
CWE
CWE-611
Improper Restriction of XML External Entity Reference