CVE-2014-1439CVE-2014-1439

Affected configuration(s):

cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.0.0
cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.0.1
cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.0.2
cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.1.0
cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.2.0
cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.3.0
cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.3.1
cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.3.2

Date published: 2014-02-05T14:55:28.873-05:00

Date last modified: 2017-08-28T21:34:24.890-04:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://www.hhvm.com/blog/3287/hhvm-2-4-0

Summary: The libxml_disable_entity_loader function in runtime/ext/ext_simplexml.cpp in HipHop Virtual Machine for PHP (HHVM) before 2.4.0 and 2.3.x before 2.3.3 does not properly disable a certain libxml handler, which allows remote attackers to conduct XML External Entity (XXE) attacks.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.