Lucene search

K

Veracode Vulnerability DatabaseVERACODE:4720

HistoryJul 26, 2017 - 11:17 p.m.

XML External Entity (XXE) And XML Entity Expansion (XEE)

2017-07-2623:17:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

11

0.079 Low

EPSS

Percentile

94.3%

Zendframework and ZendXml is vulnerable to XML external entity (XXE) And XML entity expansion (XEE). These attacks are possible through the Zend_Xml_Security::scan function in ZendXml.

CPENameOperatorVersion
zendframework/zendframeworkle2.5.1
zendframework/zendframeworkle2.4.5
zendframework/zendframework1le1.12.13
zendframework/zendxmleq1.0.0

References

framework.zend.com/security/advisory/ZF2015-06

legalhackers.com/advisories/zend-framework-XXE-vuln.txt

lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html

lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html

lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html

packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html

seclists.org/fulldisclosure/2015/Aug/46

www.debian.org/security/2015/dsa-3340

www.securityfocus.com/bid/76177

framework.zend.com/security/advisory/ZF2015-06

www.exploit-db.com/exploits/37765/

0.079 Low

EPSS

Percentile

94.3%

Related for VERACODE:4720

nessus14 packetstorm1 openvas13 securityvulns2 friendsofphp3 ubuntucve2 fedora9 osv3 debian3 mageia2 prion2 github1 exploitpack2 zdt1 cvelist2 nvd2 cve2 exploitdb2 f51 suse1