Back to search
CVE-2012-5657
Published: May 2, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20121219 CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05)
mailing-list
x_refsource_MLIST
DSA-2602
vendor-advisory
x_refsource_DEBIAN
MDVSA-2013:115
vendor-advisory
x_refsource_MANDRIVA
http://framework.zend.com/security/advisory/ZF2012-05
x_refsource_CONFIRM
51583
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20121219 Re: CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05)
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now