File Read Vulnerability in Zend Framework by Zend Technologies
CVE-2012-5657
Currently unrated
Key Information:
- Vendor: Zend
- CVE Published: 2 May 2013
What is CVE-2012-5657?
Zend Framework handles XML input improperly in the Zend_Feed_Rss and Zend_Feed_Atom classes. Remote attackers can use XML External Entity (XXE) injection against these classes to read arbitrary files on the server and to send HTTP requests to internal intranet resources. The flaw can also contribute to denial of service through excessive CPU and memory consumption.
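One way to guard feed parsing against this class of flaw, shown as an added example that is not Zend Framework's own code or its patch: parse untrusted feed XML without entity substitution or network access, then refuse any document that declares a DOCTYPE. The helper name `safeLoadFeed` and the sample feeds are hypothetical, and the code assumes the feeds you accept never need a DTD.

```php
<?php
declare(strict_types=1);

/**
 * Parse untrusted feed XML with entity handling locked down.
 * safeLoadFeed() is a hypothetical helper, not a Zend Framework API.
 */
function safeLoadFeed(string $xml): DOMDocument
{
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    // LIBXML_NONET blocks network fetches. LIBXML_NOENT and LIBXML_DTDLOAD
    // are deliberately not set, so entities are not substituted and
    // external DTD subsets are not loaded.
    $ok = $doc->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    if (!$ok) {
        throw new InvalidArgumentException('Feed is not well-formed XML');
    }
    // Assumption: accepted feeds carry no DTD, so any DOCTYPE is refused.
    // This removes both external entities and nested internal entities.
    foreach ($doc->childNodes as $node) {
        if ($node->nodeType === XML_DOCUMENT_TYPE_NODE) {
            throw new InvalidArgumentException('DOCTYPE not allowed in feed');
        }
    }
    return $doc;
}

// Constructed sample inputs: a plain feed and one declaring an internal entity.
$samples = [
    'plain'   => '<?xml version="1.0"?><rss version="2.0"><channel><title>ok</title></channel></rss>',
    'withDtd' => '<?xml version="1.0"?><!DOCTYPE rss [<!ENTITY e "x">]>'
               . '<rss version="2.0"><channel><title>&e;</title></channel></rss>',
];

foreach ($samples as $name => $xml) {
    try {
        safeLoadFeed($xml);
        echo "$name: accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$name: rejected ({$e->getMessage()})\n";
    }
}
```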