Description
(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-251-1 | zendframework security update |
| Debian DLA |
DLA-251-2 | zendframework regression update |
 Debian DSA |
DSA-3265-1 | zendframework security update |
| Debian DSA |
DSA-3265-2 | zendframework regression update |
 EUVD |
EUVD-2022-4369 | (1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. |
 Github GHSA |
GHSA-jh4x-4wmf-67pr | Zend Framework XEE Vulnerability |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T21:28:39.917Z
Reserved: 2013-02-13T00:00:00.000Z
Link: CVE-2012-6532
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-02-13T17:55:01.523
Modified: 2026-04-29T01:13:23.040
Link: CVE-2012-6532
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses