Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2015-8866
HistoryMay 22, 2016 - 12:00 a.m.

CVE-2015-8866

2016-05-2200:00:00
ubuntu.com
ubuntu.com
32

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.5%

JSON

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when
PHP-FPM is used, does not isolate each thread from
libxml_disable_entity_loader changes in other threads, which allows remote
attackers to conduct XML External Entity (XXE) and XML Entity Expansion
(XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchphp5< 5.3.10-1ubuntu3.22UNKNOWN
ubuntu14.04noarchphp5< 5.5.9+dfsg-1ubuntu4.16UNKNOWN

Related

prion 2
cve 2
f5 1
openvas 16
nessus 23
securityvulns 2
packetstorm 1
ubuntucve 1
osv 3
fedora 9
veracode 58
debian 3
exploitpack 2
zdt 1
mageia 2
github 1
exploitdb 2
suse 5
ibm 1
redhat 1
prion
prion
Xxe
2016-05-22 01:59:00
Xxe
2015-08-25 17:59:00
cve
cve
CVE-2015-8866
2016-05-22 01:59:00
CVE-2015-5161
2015-08-25 17:59:00
f5
f5
K80922332 : PHP vulnerability CVE-2015-8866
2020-10-02 00:00:00
openvas
openvas
Debian Security Advisory DSA 3340-1 (zendframework - security update)
2015-08-19 00:00:00
Mageia Linux Local Check: mgasa-2015-0371
2015-10-15 00:00:00
PHP XML Entity Expansion And XML External Entity Vulnerabilities (Windows)
2016-07-14 00:00:00
nessus
nessus
Debian DSA-3340-1 : zendframework - security update
2015-08-24 00:00:00
Debian DLA-302-1 : zendframework security update
2015-08-28 00:00:00
Fedora 21 : php-ZendFramework2-2.4.7-1.fc21 / php-guzzle-Guzzle-3.9.3-5.fc21 (2015-13488)
2015-08-28 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3340-1] zendframework security update
2015-08-24 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-08-24 00:00:00
packetstorm
packetstorm
Zend Framework 2.4.2 / 1.12.13 XXE Injection
2015-08-13 00:00:00
ubuntucve
ubuntucve
CVE-2015-5161
2015-08-25 00:00:00
osv
osv
zendframework - security update
2015-08-27 00:00:00
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities
2022-05-17 03:16:37
php5 - security update
2016-05-31 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: php-ZendFramework2-2.4.7-1.fc22
2015-08-27 18:33:26
[SECURITY] Fedora 22 Update: php-guzzle-Guzzle-3.9.3-5.fc22
2015-08-27 18:33:26
[SECURITY] Fedora 23 Update: php-guzzle-Guzzle-3.9.3-5.fc23
2015-08-22 17:43:05
veracode
veracode
XML External Entity (XXE) And XML Entity Expansion (XEE)
2017-07-26 23:17:17
Denial Of Service (DoS)
2019-05-02 06:02:21
Denial Of Service (DoS)
2019-05-02 06:02:17
debian
debian
[SECURITY] [DSA 3340-1] zendframework security update
2015-08-19 21:43:10
[SECURITY] [DLA 302-1] zendframework security update
2015-08-27 17:38:42
[SECURITY] [DLA 499-1] php5 security update
2016-05-31 20:07:56
exploitpack
exploitpack
Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection
2015-08-13 00:00:00
eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection
2015-10-30 00:00:00
zdt
zdt
Zend Framework 2.4.2 / 1.12.13 XXE Injection Vulnerability
2015-08-13 00:00:00
mageia
mageia
Updated php-ZendFramework packages fix CVE-2015-5161
2015-09-15 17:55:06
Updated php-ZendFramework packages fix CVE-2015-5161
2015-09-15 17:55:06
github
github
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities
2022-05-17 03:16:37
exploitdb
exploitdb
Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection
2015-08-13 00:00:00
eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection
2015-10-30 00:00:00
suse
suse
Security update for php5 (important)
2016-05-20 15:09:02
Security update for php5 (important)
2016-05-11 18:07:54
Security update for php5 (important)
2016-05-11 14:07:47
ibm
ibm
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php vulnerabilities
2018-06-18 01:33:37
redhat
redhat
(RHSA-2016:2750) Moderate: rh-php56 security, bug fix, and enhancement update
2016-11-15 11:13:31

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.5%

JSON
Related for UB:CVE-2015-8866
prion2cve2f51openvas16nessus23securityvulns2packetstorm1ubuntucve1osv3fedora9veracode58debian3exploitpack2zdt1mageia2github1exploitdb2suse5ibm1redhat1