Vulnerability Change Records for CVE-2015-5723

Change History

CVE Modified by Source 6/08/2016 9:59:09 PM

Action Type Old Value New Value
Changed Description
Old Value: Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM to before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.
New Value: Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

Modified Analysis 6/09/2016 5:25:39 PM

Action Type Old Value New Value
Changed CPE Configuration
Old Value:
Configuration 1
     OR
          *cpe:2.3:a:zend:zend-cache:2.5.2:*:*:*:*:*:*:*
          *cpe:2.3:a:zend:zend-cache:2.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:zend:zend-cache:2.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:zend:zend-cache:2.4.7:*:*:*:*:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
          *cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:a:doctrine-project:mongodb-odm:1.0.1:*:*:*:*:*:*:* (and previous)
Configuration 4
     OR
          *cpe:2.3:a:doctrine-project:annotations:1.2.6:*:*:*:*:*:*:* (and previous)
Configuration 5
     OR
          *cpe:2.3:a:zend:zend_framework:2.4.7:*:*:*:*:*:*:* (and previous)
Configuration 6
     OR
          *cpe:2.3:a:doctrine-project:common:2.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:common:2.5.0:beta1:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:common:2.4.2:*:*:*:*:*:*:* (and previous)
Configuration 7
     OR
          *cpe:2.3:a:zend:zf-apigility-doctrine:1.0.2:*:*:*:*:*:*:* (and previous)
Configuration 8
     OR
          *cpe:2.3:a:doctrine-project:object_relational_mapper:2.4.7:*:*:*:*:*:*:* (and previous)
          *cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:alpha2:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:alpha1:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:beta1:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:rc2:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:rc1:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:*:*:*:*:*:*:*
Configuration 9
     OR
          *cpe:2.3:a:doctrine-project:doctrinemongodbbundle:3.0.0:*:*:*:*:*:*:*
Configuration 10
     OR
          *cpe:2.3:a:zend:zend_framework:1.12.15:*:*:*:*:*:*:* (and previous)
Configuration 11
     OR
          *cpe:2.3:a:doctrine-project:cache:1.4.1:*:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:cache:1.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:cache:1.3.1:*:*:*:*:*:*:* (and previous)
New Value:
Configuration 1
     OR
          *cpe:2.3:a:zend:zend-cache:2.5.2:*:*:*:*:*:*:*
          *cpe:2.3:a:zend:zend-cache:2.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:zend:zend-cache:2.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:zend:zend-cache:2.4.7:*:*:*:*:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
          *cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:a:doctrine-project:object_relational_mapper:2.4.7:*:*:*:*:*:*:* (and previous)
          *cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:alpha2:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:alpha1:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:beta1:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:rc2:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:rc1:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:*:*:*:*:*:*:*
Configuration 4
     OR
          *cpe:2.3:a:doctrine-project:doctrinemongodbbundle:3.0.0:*:*:*:*:*:*:*
Configuration 5
     OR
          *cpe:2.3:a:zend:zend_framework:2.4.7:*:*:*:*:*:*:* (and previous)
Configuration 6
     OR
          *cpe:2.3:a:doctrine-project:common:2.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:common:2.5.0:beta1:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:common:2.4.2:*:*:*:*:*:*:* (and previous)
Configuration 7
     OR
          *cpe:2.3:a:doctrine-project:annotations:1.2.6:*:*:*:*:*:*:* (and previous)
Configuration 8
     OR
          *cpe:2.3:a:doctrine-project:mongodb-odm:1.0.1:*:*:*:*:*:*:* (and previous)
Configuration 9
     OR
          *cpe:2.3:a:zend:zend_framework:1.12.15:*:*:*:*:*:*:* (and previous)
Configuration 10
     OR
          *cpe:2.3:a:doctrine-project:cache:1.4.1:*:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:cache:1.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:doctrine-project:cache:1.3.1:*:*:*:*:*:*:* (and previous)
Configuration 11
     OR
          *cpe:2.3:a:zend:zf-apigility-doctrine:1.0.2:*:*:*:*:*:*:* (and previous)

CVE Translated 6/09/2016 10:45:06 AM

Action Type Old Value New Value
Changed Translation
Old Value: Doctrine Annotations
New Value: Doctrine Annotations, Cache, Common, ORM, MongoDB ODM y MongoDB ODM Bundle

Initial CVE Analysis 6/07/2016 1:53:09 PM

Action Type Old Value New Value

CVE Modified by MITRE 11/28/2016 2:35:18 PM

Action Type Old Value New Value
Added Reference
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/ [No Types Assigned]
Added Reference
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/ [No Types Assigned]