[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-3340-1 zendframework -- zendframework

ID: oval:org.secpod.oval:def:602208Date: (C)2015-08-28   (M)2023-11-10
Class: PATCHFamily: unix




Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data.

Platform:
Debian 8.x
Debian 7.x
Product:
zendframework
Reference:
DSA-3340-1
CVE-2015-5161
CVE    1
CVE-2015-5161
CPE    3
cpe:/o:debian:debian_linux:7.x
cpe:/o:debian:debian_linux:8.x
cpe:/a:zend:framework

© SecPod Technologies