Debian Security Advisory
DLA-566-1 cakephp -- LTS security update
- Date Reported:
- 28 Jul 2016
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 832283.
- More information:
CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. Remote attacker can utilize it for at least DoS (Denial of Service) attacks, if the target application accepts XML as an input. It is caused by insecure design of Cake's Xml class.
For Debian 7
Wheezy, these problems have been fixed in version 1.3.15-1+deb7u1.
We recommend that you upgrade your cakephp packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS