ext/libxml/libxml.c in PHP prior to 5.5.22 and 5.6.x prior to 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote malicious users to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.
Vulnerable Product |
---|
php php |
canonical ubuntu linux 15.10 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 12.04 |
suse linux enterprise software development kit 12 |
suse linux enterprise module for web scripting 12 |
opensuse leap 42.1 |
opensuse opensuse 13.2 |