XML External Entity Vulnerability in Zend Framework by Zend Technologies
CVE-2012-6531

Currently unrated

Key Information:

Vendor: Zend
Status: Zend Framework
Vendor: CVE Published:; 13 February 2013

What is CVE-2012-6531?

The XML External Entity vulnerability in Zend Framework allows remote attackers to exploit the handling of SimpleXMLElement classes through an XML-RPC request. This vulnerability, found in Zend_Dom, Zend_Feed, and Zend_Soap components, results in the potential for arbitrary file reading or unauthorized TCP connections due to inadequate protections against external entity references. Proper mitigations are essential in securing applications built on vulnerable versions of Zend Framework.

References

http://www.openwall.com/lists/oss-security/2012/06/27/2

mailing-listx_refsource_MLIST

http://www.debian.org/security/2012/dsa-2505

vendor-advisoryx_refsource_DEBIAN

http://www.openwall.com/lists/oss-security/2012/06/26/4

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 13, 2013