Lucene search
HistoryFeb 13, 2013 - 5:55 p.m.
CVE-2012-6532
cve
zend framework
denial of service
xee attack
xml entity expansion
security vulnerability
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
8.9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.8%
(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.
Affected configurations
Node
zendzend_frameworkMatch1.0.4
ORzendzend_frameworkMatch1.5.0
ORzendzend_frameworkMatch1.5.1
ORzendzend_frameworkMatch1.5.2
ORzendzend_frameworkMatch1.5.3
ORzendzend_frameworkMatch1.6.0
ORzendzend_frameworkMatch1.6.1
ORzendzend_frameworkMatch1.6.2
ORzendzend_frameworkMatch1.7.0
ORzendzend_frameworkMatch1.7.1
ORzendzend_frameworkMatch1.7.2
ORzendzend_frameworkMatch1.7.3
ORzendzend_frameworkMatch1.7.4
ORzendzend_frameworkMatch1.7.5
ORzendzend_frameworkMatch1.7.6
ORzendzend_frameworkMatch1.7.7
ORzendzend_frameworkMatch1.7.8
ORzendzend_frameworkMatch1.7.9
ORzendzend_frameworkMatch1.8.0
ORzendzend_frameworkMatch1.8.1
ORzendzend_frameworkMatch1.8.2
ORzendzend_frameworkMatch1.8.3
ORzendzend_frameworkMatch1.8.4
ORzendzend_frameworkMatch1.8.5
ORzendzend_frameworkMatch1.9.0
ORzendzend_frameworkMatch1.9.1
ORzendzend_frameworkMatch1.9.2
ORzendzend_frameworkMatch1.9.3
ORzendzend_frameworkMatch1.9.4
ORzendzend_frameworkMatch1.9.5
ORzendzend_frameworkMatch1.9.6
ORzendzend_frameworkMatch1.9.7
ORzendzend_frameworkMatch1.9.8
ORzendzend_frameworkMatch1.10.0
ORzendzend_frameworkMatch1.10.1
ORzendzend_frameworkMatch1.10.2
ORzendzend_frameworkMatch1.10.3
ORzendzend_frameworkMatch1.10.4
ORzendzend_frameworkMatch1.10.5
ORzendzend_frameworkMatch1.10.6
ORzendzend_frameworkMatch1.10.7
ORzendzend_frameworkMatch1.10.8
ORzendzend_frameworkMatch1.11.0
ORzendzend_frameworkMatch1.11.1
ORzendzend_frameworkMatch1.11.2
ORzendzend_frameworkMatch1.11.3
ORzendzend_frameworkMatch1.11.4
ORzendzend_frameworkMatch1.11.5
ORzendzend_frameworkMatch1.11.6
ORzendzend_frameworkMatch1.11.7
ORzendzend_frameworkMatch1.11.8
ORzendzend_frameworkMatch1.11.9
ORzendzend_frameworkMatch1.11.10
ORzendzend_frameworkMatch1.11.11
ORzendzend_frameworkMatch1.11.12
ORzendzend_frameworkMatch1.12.0rc1
ORzendzend_frameworkMatch1.12.0rc2
ORzendzend_frameworkMatch1.12.0rc3
ORzendzend_frameworkMatch1.12.0rc4
Related
osv
osv
Zend Framework XEE Vulnerability
2022-05-17 05:10:32
Several Zend Products Vulnerable to XXE and XEE attacks
2022-05-14 00:56:24
zendframework - security update
2015-05-20 00:00:00
github
github
Zend Framework XEE Vulnerability
2022-05-17 05:10:32
Several Zend Products Vulnerable to XXE and XEE attacks
2022-05-14 00:56:24
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2013-02-13 17:55:00
Design/Logic Flaw
2014-11-16 00:59:00
nvd
nvd
CVE-2012-6532
2013-02-13 17:55:01
CVE-2014-2683
2014-11-16 00:59:03
cvelist
cvelist
CVE-2012-6532
2013-02-13 17:00:00
CVE-2014-2683
2014-11-16 00:00:00
cve
cve
CVE-2014-2683
2014-11-16 00:59:03
openvas
openvas
Debian Security Advisory DSA 3265-1 (zendframework - security update)
2015-05-20 00:00:00
Debian: Security Advisory (DLA-251-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-3265-1)
2015-05-19 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3265-1] zendframework security update
2015-06-08 00:00:00
debian
debian
[SECURITY] [DSA 3265-2] zendframework regression update
2015-05-24 11:55:24
[SECURITY] [DLA 251-1] zendframework security update
2015-06-20 18:40:57
[SECURITY] [DSA 3265-1] zendframework security update
2015-05-20 09:37:25
nessus
nessus
Debian DLA-251-2 : zendframework regression update
2015-06-22 00:00:00
Debian DSA-3265-1 : zendframework - security update
2015-05-21 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
8.9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.8%
Related for CVE-2012-6532