2 matches found
CVE-2014-1439
The libxmldisableentityloader function in runtime/ext/extsimplexml.cpp in HipHop Virtual Machine for PHP HHVM before 2.4.0 and 2.3.x before 2.3.3 does not properly disable a certain libxml handler, which allows remote attackers to conduct XML External Entity XXE attacks...
CVE-2014-1439
The CVE-2014-1439 entry concerns HHVM (HipHop Virtual Machine for PHP). The libxml_disable_entity_loader function in runtime/ext/ext_simplexml.cpp does not properly disable a certain libxml handler, enabling XML External Entity (XXE) attacks. Affected versions are HHVM before 2.4.0 and 2.3.x befo...