Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
Metrics
Affected Vendors & Products
References
History
Thu, 16 Jan 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2013-02-13T17:00:00
Updated: 2025-01-16T20:38:41.614Z
Reserved: 2012-06-14T00:00:00
Link: CVE-2012-3363
Vulnrichment
Updated: 2024-08-06T20:05:12.421Z
NVD
Status : Modified
Published: 2013-02-13T17:55:01.320
Modified: 2025-01-16T21:15:09.890
Link: CVE-2012-3363
Redhat
No data.