Executive Summary

Information
Name : CVE-2015-5161
Vendor : Cve
First vendor Publication : 2015-08-25
Last vendor Modification : 2016-12-24

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score : 6.8
Cvss Impact Score : 6.4
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

The Zend_Xml_Security::scan method in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161

CPE : Common Platform Enumeration

Type Description Count
Application 154

Snort® IPS/IDS

Date Description
2016-03-14 Zend Technologies Zend Framework heuristicScan XML external entity injection ...
RuleID : 36895 - Revision : 2 - Type : SERVER-WEBAPP
2016-03-14 Zend Technologies Zend Framework heuristicScan XML external entity injection ...
RuleID : 36894 - Revision : 2 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2016-08-29 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-1638-1.nasl - Type : ACT_GATHER_INFO
2016-06-01 Name : The remote Debian host is missing a security update.
File : debian_DLA-499.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2015-2e7c06c639.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2015-6d70a701bf.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2015-f1e18131bc.nasl - Type : ACT_GATHER_INFO
2015-08-28 Name : The remote Debian host is missing a security update.
File : debian_DLA-302.nasl - Type : ACT_GATHER_INFO
2015-08-28 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2015-13488.nasl - Type : ACT_GATHER_INFO
2015-08-28 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2015-13529.nasl - Type : ACT_GATHER_INFO
2015-08-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3340.nasl - Type : ACT_GATHER_INFO
2015-08-24 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2015-13314.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/76177
CONFIRM http://framework.zend.com/security/advisory/ZF2015-06
DEBIAN http://www.debian.org/security/2015/dsa-3340
EXPLOIT-DB https://www.exploit-db.com/exploits/37765/
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409....
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147....
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173....
FULLDISC http://seclists.org/fulldisclosure/2015/Aug/46
MISC http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt
http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-...

Alert History

Date Information
2021-05-04 12:40:39
  • Multiple Updates
2021-04-22 01:49:35
  • Multiple Updates
2020-05-23 00:45:53
  • Multiple Updates
2016-12-24 09:24:17
  • Multiple Updates
2016-12-22 09:24:01
  • Multiple Updates
2016-08-30 13:21:27
  • Multiple Updates
2016-06-02 13:27:31
  • Multiple Updates
2016-04-27 02:34:58
  • Multiple Updates
2016-03-05 13:26:43
  • Multiple Updates
2015-09-02 21:28:05
  • Multiple Updates
2015-08-29 13:33:52
  • Multiple Updates
2015-08-26 21:29:58
  • Multiple Updates
2015-08-25 21:29:04
  • First insertion