← Back

CVE-2012-5657

nvd nist
Published: May 2, 2013Modified: Apr 29, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.

Affected (15)

Products: Zend: Zend Framework
Zend
1 product
Zend Framework
Configuration A
15 vulnerable
Vulnerable SoftwareAffected Versions
Zend
Zend Framework
Version 1.11.0
Zend Framework
Version 1.11.10
Zend Framework
Version 1.11.11
Zend Framework
Version 1.11.12
Zend Framework
Version 1.11.13
Zend Framework
Version 1.11.1
Zend Framework
Version 1.11.2
Zend Framework
Version 1.11.3
Zend Framework
Version 1.11.4
Zend Framework
Version 1.11.5
Zend Framework
Version 1.11.6
Zend Framework
Version 1.11.7
Zend Framework
Version 1.11.8
Zend Framework
Version 1.11.9
Zend Framework
Version 1.12.0

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.