File Read Vulnerability in Zend Framework by Zend Technologies
CVE-2012-5657

Currently unrated

Key Information:

Vendor

Zend

Status
Zend Framework
Vendor
CVE Published:
2 May 2013

What is CVE-2012-5657?

The Zend Framework has a vulnerability that arises from improper handling of XML input, specifically within the Zend_Feed_Rss and Zend_Feed_Atom classes. This flaw allows remote attackers to exploit XML External Entity (XXE) injection, leading to unauthorized access to arbitrary files on the server and the potential for sending HTTP requests to internal intranet resources. It can also contribute to denial of service conditions through excessive CPU and memory consumption.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://openwall.com/lists/oss-security/2012/12/20/2
mailing-listx_refsource_MLIST
http://www.debian.org/security/2012/dsa-2602
vendor-advisoryx_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.