CVE-2014-1439 in HipHop Virtual Machine for PHPinfo

Summary

The libxml_disable_entity_loader function in runtime/ext/ext_simplexml.cpp in HipHop Virtual Machine for PHP (HHVM) before 2.4.0 and 2.3.x before 2.3.3 does not properly disable a certain libxml handler, which allows remote attackers to conduct XML External Entity (XXE) attacks.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

01/14/2014

Disclosure

02/05/2014

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
66326	HipHop Virtual Machine for PHP XML libxml_disable_entity_loader information disclosure	200	Unproven	Official fix	CVE-2014-1439

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!