Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2012-6531
cve-2012-6531
zend framework
xxe injection
security vulnerability
nvd
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
9.1 High
AI Score
Confidence
High
0.264 Low
EPSS
Percentile
96.8%
(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.
Affected configurations
Node
zendzend_frameworkMatch1.0.4
ORzendzend_frameworkMatch1.5.0
ORzendzend_frameworkMatch1.5.1
ORzendzend_frameworkMatch1.5.2
ORzendzend_frameworkMatch1.5.3
ORzendzend_frameworkMatch1.6.0
ORzendzend_frameworkMatch1.6.1
ORzendzend_frameworkMatch1.6.2
ORzendzend_frameworkMatch1.7.0
ORzendzend_frameworkMatch1.7.1
ORzendzend_frameworkMatch1.7.2
ORzendzend_frameworkMatch1.7.3
ORzendzend_frameworkMatch1.7.4
ORzendzend_frameworkMatch1.7.5
ORzendzend_frameworkMatch1.7.6
ORzendzend_frameworkMatch1.7.7
ORzendzend_frameworkMatch1.7.8
ORzendzend_frameworkMatch1.7.9
ORzendzend_frameworkMatch1.8.0
ORzendzend_frameworkMatch1.8.1
ORzendzend_frameworkMatch1.8.2
ORzendzend_frameworkMatch1.8.3
ORzendzend_frameworkMatch1.8.4
ORzendzend_frameworkMatch1.8.5
ORzendzend_frameworkMatch1.9.0
ORzendzend_frameworkMatch1.9.1
ORzendzend_frameworkMatch1.9.2
ORzendzend_frameworkMatch1.9.3
ORzendzend_frameworkMatch1.9.4
ORzendzend_frameworkMatch1.9.5
ORzendzend_frameworkMatch1.9.6
ORzendzend_frameworkMatch1.9.7
ORzendzend_frameworkMatch1.9.8
ORzendzend_frameworkMatch1.10.0
ORzendzend_frameworkMatch1.10.1
ORzendzend_frameworkMatch1.10.2
ORzendzend_frameworkMatch1.10.3
ORzendzend_frameworkMatch1.10.4
ORzendzend_frameworkMatch1.10.5
ORzendzend_frameworkMatch1.10.6
ORzendzend_frameworkMatch1.10.7
ORzendzend_frameworkMatch1.10.8
ORzendzend_frameworkMatch1.11.0
ORzendzend_frameworkMatch1.11.1
ORzendzend_frameworkMatch1.11.2
ORzendzend_frameworkMatch1.11.3
ORzendzend_frameworkMatch1.11.4
ORzendzend_frameworkMatch1.11.5
ORzendzend_frameworkMatch1.11.6
ORzendzend_frameworkMatch1.11.7
ORzendzend_frameworkMatch1.11.8
ORzendzend_frameworkMatch1.11.9
ORzendzend_frameworkMatch1.11.10
ORzendzend_frameworkMatch1.11.11
ORzendzend_frameworkMatch1.11.12
ORzendzend_frameworkMatch1.12.0rc1
ORzendzend_frameworkMatch1.12.0rc2
ORzendzend_frameworkMatch1.12.0rc3
ORzendzend_frameworkMatch1.12.0rc4
References
Related
osv
osv
Zend Framework XEE Vulnerability
2022-05-17 05:14:21
Zend Framework XXE Vulnerability
2022-05-17 04:56:50
zendframework - regression update
2015-06-23 00:00:00
github
github
Zend Framework XEE Vulnerability
2022-05-17 05:14:21
Zend Framework XXE Vulnerability
2022-05-17 04:56:50
cvelist
cvelist
CVE-2012-6531
2022-10-03 16:15:27
CVE-2012-3363
2013-02-13 17:00:00
ubuntucve
ubuntucve
CVE-2012-6531
2013-02-13 00:00:00
CVE-2012-3363
2013-02-13 00:00:00
nvd
nvd
CVE-2012-6531
2013-02-13 17:55:01
CVE-2012-3363
2013-02-13 17:55:01
debian
debian
[SECURITY] [DSA 2505-1] zendframework security update
2012-06-29 19:42:45
[SECURITY] [DLA 251-2] zendframework regression update
2015-06-23 20:26:59
[SECURITY] [DLA 251-1] zendframework security update
2015-06-20 18:40:57
openvas
openvas
Fedora Update for php-ZendFramework FEDORA-2012-9978
2012-07-16 00:00:00
Fedora Update for php-ZendFramework FEDORA-2012-9979
2012-08-30 00:00:00
Debian: Security Advisory (DSA-2505-1)
2012-08-10 00:00:00
nessus
nessus
Fedora 17 : php-ZendFramework-1.11.12-1.fc17 (2012-9979)
2012-07-16 00:00:00
Debian DSA-2505-1 : zendframework - information disclosure
2012-07-03 00:00:00
cve
cve
CVE-2012-3363
2013-02-13 17:55:01
fedora
fedora
[SECURITY] Fedora 17 Update: php-ZendFramework-1.11.12-1.fc17
2012-07-14 21:59:54
[SECURITY] Fedora 16 Update: php-ZendFramework-1.11.12-1.fc16
2012-07-14 21:56:10
[SECURITY] Fedora 18 Update: moodle-2.3.6-1.fc18
2013-04-03 04:44:25
checkpoint_advisories
checkpoint_advisories
freebsd
freebsd
Zend Framework -- Multiple vulnerabilities via XXE injection
2012-06-26 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_ZEND_XMLRPC
2013-02-13 17:55:00
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
9.1 High
AI Score
Confidence
High
0.264 Low
EPSS
Percentile
96.8%
Related for CVE-2012-6531