Vulnerabilities > CVE-2014-1439 - Unspecified vulnerability in Hiphop Virtual Machine FOR PHP Project Hiphop Virtual Machine FOR PHP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The libxml_disable_entity_loader function in runtime/ext/ext_simplexml.cpp in HipHop Virtual Machine for PHP (HHVM) before 2.4.0 and 2.3.x before 2.3.3 does not properly disable a certain libxml handler, which allows remote attackers to conduct XML External Entity (XXE) attacks. CWE-611: Improper Restriction of XML External Entity Reference ('XXE')