CVE-2012-6531

NONECVSS 0.0

0.0

(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.

🔗 References (12)

cve@mitrehttp://framework.zend.com/security/advisory/ZF2012-01
cve@mitrehttp://www.debian.org/security/2012/dsa-2505
cve@mitrehttp://www.openwall.com/lists/oss-security/2012/06/26/2
cve@mitrehttp://www.openwall.com/lists/oss-security/2012/06/26/4
cve@mitrehttp://www.openwall.com/lists/oss-security/2012/06/27/2
cve@mitrehttps://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt
af854a3a-2127-422b-91ae-364da2661108http://framework.zend.com/security/advisory/ZF2012-01
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2505
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/06/26/2
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/06/26/4
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/06/27/2
af854a3a-2127-422b-91ae-364da2661108https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt

Is Your Infrastructure Affected by CVE-2012-6531?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-6531

📅 Published

🔄 Last Modified

🔗 References (12)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-6531?