Advisories » MGASA-2016-0044

Updated cakephp package fixes security vulnerability

Publication date: 05 Feb 2016
Modification date: 05 Feb 2016
Type: security
Affected Mageia releases: 5

Description

CakePHP, an open-source web application framework for PHP, was vulnerable
to SSRF (Server Side Request Forgery) attacks. A remote attacker can use
it for at least DoS (Denial of Service) attacks if the target application
accepts XML as input. The issue is caused by the insecure design of
Cake's Xml class.

References

SRPMS

5/core