{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-09-15T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T20:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-3369", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3369"}, {"name": "FEDORA-2016-8dc0af2c29", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://framework.zend.com/security/advisory/ZF2015-07"}, {"name": "FEDORA-2016-fa7e683c6e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5723", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3369", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3369"}, {"name": "FEDORA-2016-8dc0af2c29", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/"}, {"name": "http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html", "refsource": "CONFIRM", "url": "http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html"}, {"name": "http://framework.zend.com/security/advisory/ZF2015-07", "refsource": "CONFIRM", "url": "http://framework.zend.com/security/advisory/ZF2015-07"}, {"name": "FEDORA-2016-fa7e683c6e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:59:04.234Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3369", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3369"}, {"name": "FEDORA-2016-8dc0af2c29", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://framework.zend.com/security/advisory/ZF2015-07"}, {"name": "FEDORA-2016-fa7e683c6e", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-5723", "datePublished": "2016-06-07T14:00:00.000Z", "dateReserved": "2015-08-03T00:00:00.000Z", "dateUpdated": "2024-08-06T06:59:04.234Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zend:zend-cache:*:*:*:*:*:*:*:*", "matchCriteriaId": "67A5BE81-0B49-43A9-B4D3-54FCE0D6AE28", "versionEndIncluding": "2.4.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend-cache:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E95FED4-A1B2-4851-AF95-0979121C0A69", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend-cache:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DAC6C748-A52E-47A4-A615-70E59D1D30EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:zend:zend-cache:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "ED45A472-B109-44FA-901B-164DF0F4DF40", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:*:*:*:*:*:*:*:*", "matchCriteriaId": "8904C198-BB8B-4E8C-80ED-CC4676065781", "versionEndIncluding": "2.4.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5ED8B959-CE8F-49AA-B998-8598C8F0A6D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "C2A8659A-7A7F-40B9-B60F-71FE4637B016", "vulnerable": true}, {"criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "2C887BAC-8EEC-4F3D-B1D8-023B80A3D8B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "75BA49E2-ABC5-4A61-968B-1CAA2FF7A942", "vulnerable": true}, {"criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F2D4F787-6BE1-4CC6-9A24-00EE601ACCEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E14E6992-D334-465E-ACE9-F0D0DA6FDC05", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:doctrine-project:doctrinemongodbbundle:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E8FB62B-8DB3-46D9-9636-B877B10061C1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AB7019C-C868-4512-8855-F6ED2AC6A3A7", "versionEndIncluding": "2.4.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:doctrine-project:common:*:*:*:*:*:*:*:*", "matchCriteriaId": "F004153E-7D36-4621-96DC-C47522EC1204", "versionEndIncluding": "2.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:doctrine-project:common:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A88FB2A6-8AE3-46F4-91EB-BD7CAE22A83D", "vulnerable": true}, {"criteria": "cpe:2.3:a:doctrine-project:common:2.5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "DF529016-31C4-4948-BA5C-3ED7C3DE062C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:doctrine-project:annotations:*:*:*:*:*:*:*:*", "matchCriteriaId": "520EA826-22BD-496F-9DC9-267C76319B23", "versionEndIncluding": "1.2.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:doctrine-project:mongodb-odm:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF62C793-9B7F-4B67-A7AC-CD27F6670B2D", "versionEndIncluding": "1.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2CA52AF-D551-4CE9-A4CD-F264F702634A", "versionEndIncluding": "1.12.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:doctrine-project:cache:*:*:*:*:*:*:*:*", "matchCriteriaId": "809D06DE-60BB-4697-94E7-CEE067FED890", "versionEndIncluding": "1.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:doctrine-project:cache:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E592D06-5F25-4015-A780-595130F48055", "vulnerable": true}, {"criteria": "cpe:2.3:a:doctrine-project:cache:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B0E6EA11-5D22-42C7-A085-28CCF728F4C5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zend:zf-apigility-doctrine:*:*:*:*:*:*:*:*", "matchCriteriaId": "461C9713-8E45-4642-8D35-F9878F931080", "versionEndIncluding": "1.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code."}, {"lang": "es", "value": "Doctrine Annotations en versiones anteriores a 1.2.7, Cache en versiones anteriores a 1.3.2 y 1.4.x en versiones anteriores a 1.4.2, Common en versiones anteriores a 2.4.3 y 2.5.x en versiones anteriores a 2.5.1, ORM en versiones anteriores 2.4.8 o 2.5.x en versiones anteriores 2.5.1, MongoDB ODM en versiones anteriores a 1.0.2 y MongoDB ODM Bundle en versiones anteriores a 3.0.1 utilizan permisos de escritura universal para directorios de cach\u00e9, lo que permite a usuarios locales ejecutar c\u00f3digo PHP arbitrario con privilegios adicionales aprovechando una aplicaci\u00f3n con el umask establecido a 0 y que ejecuta entradas de cach\u00e9 como c\u00f3digo."}], "id": "CVE-2015-5723", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-07T14:06:08.697", "references": [{"source": "cve@mitre.org", "url": "http://framework.zend.com/security/advisory/ZF2015-07"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3369"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://framework.zend.com/security/advisory/ZF2015-07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3369"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}