CakePHP Security Bypass Fixed by 3.1.5


Description   A vulnerability has been identified in CakePHP. A remote attacker could exploit it to bypass CSRF protections and execute arbitrary code. This vulnerability stems from improper filtering of HTTP methods.
     
Vulnerable Products   Vulnerable Software:
CakePHP (Cake Software Foundation) - 1.0, 1.1, 1.1.1, 1.1.2, 1.1.3, ..., 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4
     
Solution   Version 3.1.5 of CakePHP fixes this vulnerability.
     
CVE  
     
References   - CakePHP : CakePHP 3.1.5 Released
http://bakery.cakephp.org/2015/11/29/cakephp_315_released.html
     
Vulnerability Manager Detection   No
     
IPS Protection   ASQ Engine alarm: Invalid HTTP protocol
Available Since: 3.2.0
     

Risk level   Low

Vulnerability First Public Report Date   2015-11-29

Target Type   Server

Possible exploit   Remote