First published: Mon Aug 03 2015(Updated: )
The `Zend_Xml_Security::scan` in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/zendframework/zendframework | >=2.0.0<2.0.99>=2.1.0<2.1.99>=2.2.0<2.2.99>=2.3.0<2.3.8>=2.4.0<2.4.6>=2.5.0<2.5.1 | |
composer/zendframework/zendxml | >=1.0.0<1.0.1 | |
composer/zendframework/zendframework1 | >=1.12.0<1.12.14 | |
Zend Zend Framework | =1.0.0 | |
Zend Zend Framework | =1.0.0-rc1 | |
Zend Zend Framework | =1.0.0-rc2 | |
Zend Zend Framework | =1.0.0-rc2a | |
Zend Zend Framework | =1.0.0-rc3 | |
Zend Zend Framework | =1.0.1 | |
Zend Zend Framework | =1.0.2 | |
Zend Zend Framework | =1.0.3 | |
Zend Zend Framework | =1.0.4 | |
Zend Zend Framework | =1.5.0-rc1 | |
Zend Zend Framework | =1.5.0-rc2 | |
Zend Zend Framework | =1.5.0-rc3 | |
Zend Zend Framework | =1.5.1 | |
Zend Zend Framework | =1.5.2 | |
Zend Zend Framework | =1.5.3 | |
Zend Zend Framework | =1.6.0 | |
Zend Zend Framework | =1.6.0-rc1 | |
Zend Zend Framework | =1.6.0-rc2 | |
Zend Zend Framework | =1.6.0-rc3 | |
Zend Zend Framework | =1.6.1 | |
Zend Zend Framework | =1.6.2 | |
Zend Zend Framework | =1.7.0 | |
Zend Zend Framework | =1.7.0-pl1 | |
Zend Zend Framework | =1.7.0-pr | |
Zend Zend Framework | =1.7.1 | |
Zend Zend Framework | =1.7.2 | |
Zend Zend Framework | =1.7.3 | |
Zend Zend Framework | =1.7.3-pl1 | |
Zend Zend Framework | =1.7.4 | |
Zend Zend Framework | =1.7.5 | |
Zend Zend Framework | =1.7.6 | |
Zend Zend Framework | =1.7.7 | |
Zend Zend Framework | =1.7.8 | |
Zend Zend Framework | =1.7.9 | |
Zend Zend Framework | =1.8.0 | |
Zend Zend Framework | =1.8.0-a1 | |
Zend Zend Framework | =1.8.0-b1 | |
Zend Zend Framework | =1.8.1 | |
Zend Zend Framework | =1.8.2 | |
Zend Zend Framework | =1.8.3 | |
Zend Zend Framework | =1.8.4 | |
Zend Zend Framework | =1.8.4-pl1 | |
Zend Zend Framework | =1.8.5 | |
Zend Zend Framework | =1.9.0 | |
Zend Zend Framework | =1.9.0-a1 | |
Zend Zend Framework | =1.9.0-b1 | |
Zend Zend Framework | =1.9.0-rc1 | |
Zend Zend Framework | =1.9.1 | |
Zend Zend Framework | =1.9.2 | |
Zend Zend Framework | =1.9.3 | |
Zend Zend Framework | =1.9.3-pl1 | |
Zend Zend Framework | =1.9.4 | |
Zend Zend Framework | =1.9.5 | |
Zend Zend Framework | =1.9.6 | |
Zend Zend Framework | =1.9.7 | |
Zend Zend Framework | =1.9.8 | |
Zend Zend Framework | =1.10.0 | |
Zend Zend Framework | =1.10.0-alpha1 | |
Zend Zend Framework | =1.10.0-beta1 | |
Zend Zend Framework | =1.10.0-rc1 | |
Zend Zend Framework | =1.10.1 | |
Zend Zend Framework | =1.10.2 | |
Zend Zend Framework | =1.10.3 | |
Zend Zend Framework | =1.10.4 | |
Zend Zend Framework | =1.10.5 | |
Zend Zend Framework | =1.10.6 | |
Zend Zend Framework | =1.10.7 | |
Zend Zend Framework | =1.10.8 | |
Zend Zend Framework | =1.10.9 | |
Zend Zend Framework | =1.11.0 | |
Zend Zend Framework | =1.11.0-b1 | |
Zend Zend Framework | =1.11.0-rc1 | |
Zend Zend Framework | =1.11.1 | |
Zend Zend Framework | =1.11.2 | |
Zend Zend Framework | =1.11.3 | |
Zend Zend Framework | =1.11.4 | |
Zend Zend Framework | =1.11.5 | |
Zend Zend Framework | =1.11.6 | |
Zend Zend Framework | =1.11.7 | |
Zend Zend Framework | =1.11.8 | |
Zend Zend Framework | =1.11.9 | |
Zend Zend Framework | =1.11.10 | |
Zend Zend Framework | =1.11.11 | |
Zend Zend Framework | =1.11.12 | |
Zend Zend Framework | =1.11.13 | |
Zend Zend Framework | =1.12.0 | |
Zend Zend Framework | =1.12.0-rc1 | |
Zend Zend Framework | =1.12.0-rc2 | |
Zend Zend Framework | =1.12.0-rc3 | |
Zend Zend Framework | =1.12.0-rc4 | |
Zend Zend Framework | =1.12.1 | |
Zend Zend Framework | =1.12.2 | |
Zend Zend Framework | =1.12.3 | |
Zend Zend Framework | =1.12.4 | |
Zend Zend Framework | =1.12.5 | |
Zend Zend Framework | =1.12.6 | |
Zend Zend Framework | =1.12.7 | |
Zend Zend Framework | =1.12.8 | |
Zend Zend Framework | =1.12.9 | |
Zend Zend Framework | =1.12.10 | |
Zend Zend Framework | =1.12.11 | |
Zend Zend Framework | =1.12.12 | |
Zend Zend Framework | =1.12.13 | |
Zend Zend Framework | =2.0.0 | |
Zend Zend Framework | =2.0.0-rc1 | |
Zend Zend Framework | =2.0.0-rc2 | |
Zend Zend Framework | =2.0.0-rc3 | |
Zend Zend Framework | =2.0.0-rc4 | |
Zend Zend Framework | =2.0.0-rc5 | |
Zend Zend Framework | =2.0.0-rc6 | |
Zend Zend Framework | =2.0.0-rc7 | |
Zend Zend Framework | =2.0.1 | |
Zend Zend Framework | =2.0.2 | |
Zend Zend Framework | =2.0.3 | |
Zend Zend Framework | =2.0.4 | |
Zend Zend Framework | =2.0.5 | |
Zend Zend Framework | =2.0.6 | |
Zend Zend Framework | =2.0.7 | |
Zend Zend Framework | =2.1.0 | |
Zend Zend Framework | =2.1.1 | |
Zend Zend Framework | =2.1.2 | |
Zend Zend Framework | =2.1.3 | |
Zend Zend Framework | =2.1.4 | |
Zend Zend Framework | =2.1.5 | |
Zend Zend Framework | =2.1.6 | |
Zend Zend Framework | =2.2.0 | |
Zend Zend Framework | =2.2.1 | |
Zend Zend Framework | =2.2.2 | |
Zend Zend Framework | =2.2.3 | |
Zend Zend Framework | =2.2.4 | |
Zend Zend Framework | =2.2.5 | |
Zend Zend Framework | =2.2.6 | |
Zend Zend Framework | =2.2.7 | |
Zend Zend Framework | =2.2.8 | |
Zend Zend Framework | =2.2.9 | |
Zend Zend Framework | =2.2.10 | |
Zend Zend Framework | =2.3.0 | |
Zend Zend Framework | =2.3.1 | |
Zend Zend Framework | =2.3.2 | |
Zend Zend Framework | =2.3.3 | |
Zend Zend Framework | =2.3.4 | |
Zend Zend Framework | =2.3.5 | |
Zend Zend Framework | =2.3.6 | |
Zend Zend Framework | =2.3.7 | |
Zend Zend Framework | =2.3.8 | |
Zend Zend Framework | =2.3.9 | |
Zend Zend Framework | =2.4.0 | |
Zend Zend Framework | =2.4.1 | |
Zend Zend Framework | =2.4.2 | |
Zend Zend Framework | =2.4.3 | |
Zend Zend Framework | =2.4.4 | |
Zend Zend Framework | =2.4.5 | |
Zend Zend Framework | =2.5.0 | |
Zend Zend Framework | =2.5.1 | |
composer/zendframework/zendframework | >=1.12.0<1.12.14 | 1.12.14 |
composer/zendframework/zendxml | >=1.0.0<1.0.1 | 1.0.1 |
composer/zendframework/zendframework1 | >=1.12.0<1.12.14 | 1.12.14 |
composer/zendframework/zendframework | >=2.5.0<2.5.2 | 2.5.2 |
composer/zendframework/zendframework | >=2.0.0<2.4.6 | 2.4.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.