Debian Security Advisory
DLA-333-1 cakephp -- LTS security update
- Date Reported:
- 23 Oct 2015
- Affected Packages:
- Security database references:
- No other external database security references currently available.
- More information:
CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. Remote attacker can utilize it for at least DoS (Denial of Service) attacks, if the target application accepts XML as an input. It is caused by insecure design of Cake's Xml class.
For Debian 6 Squeeze, this issue has been fixed in cakephp version 1.3.2-1.1+deb6u11.