CVE-2015-8866
php: libxml_disable_entity_loader setting is shared between threads
Severity Score
9.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.
ext/libxml/libxml.c en PHP en versiones anteriores a 5.5.22 y 5.6.x en versiones anteriores a 5.6.6, cuando se utiliza PHP-FPM, no aisla cada hilo de cambios libxml_disable_entity_loader en otros hilos, lo que permite a atacantes remotos llevar a cabo ataques XML External Entity (XXE) y XML Entity Expansion (XEE) a través de un documento XML manipulado, un problema relacionado con la CVE-2015-5161.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-04-23 CVE Reserved
- 2016-05-22 CVE Published
- 2024-03-14 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=de31324c221c1791b26350ba106cc26bad23ace9 | X_refsource_confirm | |
| http://www.securityfocus.com/bid/87470 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://bugs.php.net/bug.php?id=64938 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/04/24/1 | 2023-11-07 | |
| https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html | 2023-11-07 | |
| http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html | 2023-11-07 | |
| http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2016-2750.html | 2023-11-07 | |
| http://www.php.net/ChangeLog-5.php | 2023-11-07 | |
| http://www.ubuntu.com/usn/USN-2952-1 | 2023-11-07 | |
| http://www.ubuntu.com/usn/USN-2952-2 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2015-8866 | 2016-11-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1330418 | 2016-11-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 5.5.0 < 5.5.22 Search vendor "Php" for product "Php" and version " >= 5.5.0 < 5.5.22" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 5.6.0 < 5.6.6 Search vendor "Php" for product "Php" and version " >= 5.6.0 < 5.6.6" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.0.0 < 7.0.27 Search vendor "Php" for product "Php" and version " >= 7.0.0 < 7.0.27" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.1.0 < 7.1.13 Search vendor "Php" for product "Php" and version " >= 7.1.0 < 7.1.13" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.2.0 < 7.2.1 Search vendor "Php" for product "Php" and version " >= 7.2.0 < 7.2.1" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.1 Search vendor "Opensuse" for product "Leap" and version "42.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Module For Web Scripting Search vendor "Suse" for product "Linux Enterprise Module For Web Scripting" | 12 Search vendor "Suse" for product "Linux Enterprise Module For Web Scripting" and version "12" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Software Development Kit Search vendor "Suse" for product "Linux Enterprise Software Development Kit" | 12 Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Software Development Kit Search vendor "Suse" for product "Linux Enterprise Software Development Kit" | 12 Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12" | sp1 |
Affected
| ||||||