Debian Security Advisory

DLA-333-1 cakephp -- LTS security update

Date Reported:
23 Oct 2015
Affected Packages:
Security database references:
No other external database security references currently available.
More information:

CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. Remote attacker can utilize it for at least DoS (Denial of Service) attacks, if the target application accepts XML as an input. It is caused by insecure design of Cake's Xml class.

For Debian 6 Squeeze, this issue has been fixed in cakephp version 1.3.2-1.1+deb6u11.