Candidate: CVE-2015-8379
PublicDate: 2016-01-26 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8379
 http://karmainsecurity.com/KIS-2016-01
 https://github.com/cakephp/cakephp/issues/9160
Description:
 CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the
 CSRF protection mechanism via the _method parameter.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Egidio Romano
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_cakephp:
 upstream: https://github.com/cakephp/cakephp/commit/4b8d628a2e3a693d287e0b789b2ee42bc0829f4f
upstream_cakephp: released (2.7.9)
precise_cakephp: ignored (reached end-of-life)
precise/esm_cakephp: DNE (precise was needs-triage)
trusty_cakephp: not-affected (code not present)
trusty/esm_cakephp: DNE (trusty was not-affected [code not present])
vivid_cakephp: ignored (reached end-of-life)
vivid/stable-phone-overlay_cakephp: DNE
vivid/ubuntu-core_cakephp: DNE
wily_cakephp: ignored (reached end-of-life)
xenial_cakephp: not-affected (2.8.0-1)
yakkety_cakephp: ignored (reached end-of-life)
zesty_cakephp: ignored (reached end-of-life)
artful_cakephp: ignored (reached end-of-life)
bionic_cakephp: DNE
cosmic_cakephp: not-affected
devel_cakephp: not-affected