CVE-2012-6532

EPSS 0.47%

Zend Framework XEE Vulnerability

Published: 5/17/2022Modified: 1/12/2024

Description

(1) `Zend_Dom`, (2) `Zend_Feed`, (3) `Zend_Soap`, and (4) `Zend_XmlRpc` in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.

Affected packages (1)

Packagist/zendframework/zendframework1>= 1.0, < 1.11.13

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-6532
PATCHhttps://github.com/zendframework/zf1
WEBhttp://framework.zend.com/security/advisory/ZF2012-02
WEBhttps://github.com/zendframework/zf1/commit/1b5e86183a72b7b10b6c89e4f95f08c5da9716db
WEBhttps://web.archive.org/web/20131101014013/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:115/?name=MDVSA-2013:115