CVE-2012-5657

Published: 02/05/2013 Updated: 03/05/2013
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x prior to 1.11.15 and 1.12.x prior to 1.12.1 allow remote malicious users to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.

Vulnerable Product

zend zend framework 1.11.10

zend zend framework 1.11.11

zend zend framework 1.11.12

zend zend framework 1.11.13

zend zend framework 1.11.2

zend zend framework 1.11.3

zend zend framework 1.11.4

zend zend framework 1.11.5

zend zend framework 1.11.1

zend zend framework 1.11.6

zend zend framework 1.11.8

zend zend framework 1.11.0

zend zend framework 1.11.7

zend zend framework 1.11.9

zend zend framework 1.12.0

Vendor Advisories

Debian Bug report logs - #743175 zendframework: two security issues. Package: zendframework; Maintainer for zendframework is Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>; Source for zendframework is src:zendframework. Reported by: "Thijs Kinkhorst" <thijs@debian.org> Date: Mo ...
Debian Bug report logs - #696483 zendframework: CVE-2012-5657. Package: zendframework; Maintainer for zendframework is Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>; Source for zendframework is src:zendframework. Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Fri, 21 D ...
Yury Dyachenko discovered that Zend Framework uses the PHP XML parser in an insecure way, allowing attackers to open files and trigger HTTP requests, potentially accessing restricted information. For the stable distribution (squeeze), this problem has been fixed in version 1.10.6-1squeeze2. For the testing distribution (wheezy), this problem has be ...
Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie. CVE-2014-2681: Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some functions. This fix extends the incomple ...
The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack ...