← Back

CVE-2012-3363

nvd nist
Published: Feb 13, 2013Modified: Apr 29, 2026

JSON object

Loading...
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 / Impact: 5.2
Source: NVD

Description

Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.

Affected (8)

Zend
1 product
Zend Framework
Fedoraproject
1 product
Fedora
Debian
1 product
Debian Linux
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Zend
Zend Framework
From 1.0.0 to 1.11.12
Zend Framework
Version 1.12.0 rc1
Zend Framework
Version 1.12.0 rc2
Zend Framework
Version 1.12.0 rc3
Zend Framework
Version 1.12.0 rc4
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 17
Fedora
Version 18
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 6.0

Related CWEs

CWE-611
Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (24)

Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Mailing List
Source: secalert@redhat.com
Broken LinkThird Party AdvisoryVDB Entry
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link

Timeline

No history available yet.