7.8

CVE-2015-5723

EPSS 0.1%
Published 07.06.2016 14:06:08
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

Affected products Warnungen 0 Metrics 3 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Zend ≫ Zend-cache Version <= 2.4.7

Zend ≫ Zend-cache Version2.5.0

Zend ≫ Zend-cache Version2.5.1

Zend ≫ Zend-cache Version2.5.2

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Doctrine-project ≫ Object Relational Mapper Version <= 2.4.7

Doctrine-project ≫ Object Relational Mapper Version2.5.0

Doctrine-project ≫ Object Relational Mapper Version2.5.0 Updatealpha1

Doctrine-project ≫ Object Relational Mapper Version2.5.0 Updatealpha2

Doctrine-project ≫ Object Relational Mapper Version2.5.0 Updatebeta1

Doctrine-project ≫ Object Relational Mapper Version2.5.0 Updaterc1

Doctrine-project ≫ Object Relational Mapper Version2.5.0 Updaterc2

Doctrine-project ≫ Doctrinemongodbbundle Version3.0.0

Zend ≫ Zend Framework Version <= 2.4.7

Doctrine-project ≫ Common Version <= 2.4.2

Doctrine-project ≫ Common Version2.5.0

Doctrine-project ≫ Common Version2.5.0 Updatebeta1

Doctrine-project ≫ Annotations Version <= 1.2.6

Doctrine-project ≫ Mongodb-odm Version <= 1.0.1

Zend ≫ Zend Framework Version <= 1.12.15

Doctrine-project ≫ Cache Version <= 1.3.1

Doctrine-project ≫ Cache Version1.4.0

Doctrine-project ≫ Cache Version1.4.1

Zend ≫ Zf-apigility-doctrine Version <= 1.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.287

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://framework.zend.com/security/advisory/ZF2015-07

http://www.debian.org/security/2015/dsa-3369

http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/

https://nvd.nist.gov/vuln/detail/CVE-2015-5723

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-5723

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-5723

EUVD