161 matches found
CVE-2017-5644
CVE-2017-5644 affects Apache POI: versions prior to 3.15 are vulnerable to an XML Entity Expansion (XEE) denial of service via a specially crafted OOXML file, causing high CPU usage. Documented impact is a CPU consumption DoS rather than code execution. Public references in the connected material...
CVE-2017-5644
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service CPU consumption via a specially crafted OOXML file, aka an XML Entity Expansion XEE attack...
XML Entity Expansion (XEE)
Jersey common is vulnerable to billion laugh attacks. These attacks are possible because it does not disable XML Entity Expansion XEE...
CVE-2015-8866
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxmldisableentityloader changes in other threads, which allows remote attackers to conduct XML External Entity XXE and XML Entity Expansion XEE attacks via a crafted XML...
CVE-2015-8866
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxmldisableentityloader changes in other threads, which allows remote attackers to conduct XML External Entity XXE and XML Entity Expansion XEE attacks via a crafted XML...
CVE-2015-8866
CVE-2015-8866 describes a XXE/XEE vulnerability in PHP when using PHP-FPM, where libxml_disable_entity_loader changes are shared across threads, allowing crafted XML to exploit libxml. Affected versions include PHP prior to 5.5.22 and 5.6.x prior to 5.6.6; the issue stems from insufficient isolat...
UBNT Bug Bounty #2 - XML External Entity Vulnerability
Document Title: =============== UBNT Bug Bounty 2 - XML External Entity Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1466 Release Date: ============= 2016-04-14 Vulnerability Laboratory ID VL-ID: ==================================== 1466...
UBNT Bug Bounty #2 - XML External Entity Vulnerability
Document Title: =============== UBNT Bug Bounty 2 - XML External Entity Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1466 Release Date: ============= 2016-04-13 Vulnerability Laboratory ID VL-ID: ==================================== 1466...
Zend Framework 1.12.x < 1.12.4 / 2.1.x < 2.1.6 / 2.2.x < 2.2.6 Multiple XEE DoS
Binary data 9144.prm...
Amazon Linux: Security Advisory (ALAS-2014-377)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-5161
The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...
CVE-2015-5161
The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...
Xxe
The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...
CVE-2015-5161
CVE-2015-5161 affects ZendXml and Zend Framework components: ZendXml::scan in ZendXml < 1.0.1 and Zend Framework/Tmpl versions < 1.12.14, 2.x < 2.4.6, and 2.5.x
CVE-2015-1819
The xmlreader in libxml allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack...
CVE-2015-1819
The xmlreader in libxml allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack...
CVE-2015-1819
The CVE-2015-1819 entry is supported by connected data showing a deterministic DoS in libxml2 via XML Entity Expansion (XEE) during XML parsing, causing memory exhaustion. Amazon Linux 2 advisory ALAS2-2019-1220 explicitly groups CVE-2015-1819 with several libxml2 DoS/memory-related CVEs and inst...
XXE/XEE vector when using ZendXml on multibyte payloads
More info at https://framework.zend.com/security/advisory/ZF2015-06...
XXE/XEE vector when using ZendXml on multibyte payloads
More info at https://framework.zend.com/security/advisory/ZF2015-06...
XXE/XEE vector when using ZendXml on multibyte payloads
More info at https://framework.zend.com/security/advisory/ZF2015-06...