CVE-2012-6532
EPSS 0.47%Zend Framework XEE Vulnerability
發布日:2022/5/17修改日:2024/1/12
描述
(1) `Zend_Dom`, (2) `Zend_Feed`, (3) `Zend_Soap`, and (4) `Zend_XmlRpc` in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.
受影響套件(1)
- Packagist/zendframework/zendframework1>= 1.0, < 1.11.13
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-6532
- PATCHhttps://github.com/zendframework/zf1
- WEBhttp://framework.zend.com/security/advisory/ZF2012-02
- WEBhttps://github.com/zendframework/zf1/commit/1b5e86183a72b7b10b6c89e4f95f08c5da9716db
- WEBhttps://web.archive.org/web/20131101014013/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:115/?name=MDVSA-2013:115