VDB

GCVE-110-MAGEIA-2015-371

GCVE-110-MAGEIA-2015-371
Advisory Published
Vulnetix · Advisory published September 15, 2015
Updated php-ZendFramework and php-ZendFramework2 packages fix security vulnerability: Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data (CVE-2015-5161).

Affected Products

VendorProductVersionsPlatforms
Mageiaphp-ZendFramework22.4.7-1.mga5 (unaffected), 0 (affected)
Mageiaphp-ZendFramework0 (affected), 1.12.15-1.mga5 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›