CVE-2015-5161

Zend Framework < 2.4.6 - XXE

Title source: rule

Description

The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.

Exploits (2)

exploitdb WORKING POC
by Dawid Golunski · text · webapps · php
https://www.exploit-db.com/exploits/38573
exploitdb WORKING POC
by Dawid Golunski · text · webapps · multiple
https://www.exploit-db.com/exploits/37765

Scores

EPSS 0.3278
EPSS Percentile 96.9%

Details

Status published
Products (32)
zend/zend_framework 1.0.0 (5 CPE variants)
zend/zend_framework 1.0.1
zend/zend_framework 1.0.2
zend/zend_framework 1.0.3
zend/zend_framework 1.0.4
zend/zend_framework 1.5.0 rc1 (3 CPE variants)
zend/zend_framework 1.5.1
zend/zend_framework 1.5.2
zend/zend_framework 1.5.3
zend/zend_framework 1.6.0 (4 CPE variants)
... and 22 more
Published Aug 25, 2015
Tracked Since Feb 18, 2026