Vulnerability in Zend Zend_framework
CVE-2015-5161
The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and co…
EPSS: 0.391 (97.4th percentile)
Affected products
- Zend Zend_framework — versions 1.0.0, 1.0.1, 1.0.2
References
- secalert@redhat.com (Exploit, x_refsource_MISC)
- FEDORA-2015-13488 (x_refsource_FEDORA, vendor-advisory)
- 76177 (Exploit, vdb-entry, x_refsource_BID)
- FEDORA-2015-13529 (x_refsource_FEDORA, vendor-advisory)
- 37765 (Exploit, exploit, x_refsource_EXPLOIT-DB)
- FEDORA-2015-13314 (x_refsource_FEDORA, vendor-advisory)
- DSA-3340 (vendor-advisory, x_refsource_DEBIAN)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- 20150813 Zend Framework <= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM (mailing-list, Exploit, x_refsource_FULLDISC)