← Back

CVE-2012-6531

nvd nist
Published: Feb 13, 2013Modified: Apr 29, 2026

JSON object

Loading...
6.4
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:N
Exploitability: 10.0 / Impact: 4.9
Source: NVD

Description

(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.

Affected (59)

Products: Zend: Zend Framework
Zend
1 product
Zend Framework
Configuration A
59 vulnerable
Vulnerable SoftwareAffected Versions
Zend
Zend Framework
Version 1.0.4
Zend Framework
Version 1.10.0
Zend Framework
Version 1.10.1
Zend Framework
Version 1.10.2
Zend Framework
Version 1.10.3
Zend Framework
Version 1.10.4
Zend Framework
Version 1.10.5
Zend Framework
Version 1.10.6
Zend Framework
Version 1.10.7
Zend Framework
Version 1.10.8
Zend Framework
Version 1.11.0
Zend Framework
Version 1.11.10
Zend Framework
Version 1.11.11
Zend Framework
Version 1.11.12
Zend Framework
Version 1.11.1
Zend Framework
Version 1.11.2
Zend Framework
Version 1.11.3
Zend Framework
Version 1.11.4
Zend Framework
Version 1.11.5
Zend Framework
Version 1.11.6
Zend Framework
Version 1.11.7
Zend Framework
Version 1.11.8
Zend Framework
Version 1.11.9
Zend Framework
Version 1.12.0 rc1
Zend Framework
Version 1.12.0 rc2
Zend Framework
Version 1.12.0 rc3
Zend Framework
Version 1.12.0 rc4
Zend Framework
Version 1.5.0
Zend Framework
Version 1.5.1
Zend Framework
Version 1.5.2
Zend Framework
Version 1.5.3
Zend Framework
Version 1.6.0
Zend Framework
Version 1.6.1
Zend Framework
Version 1.6.2
Zend Framework
Version 1.7.0
Zend Framework
Version 1.7.1
Zend Framework
Version 1.7.2
Zend Framework
Version 1.7.3
Zend Framework
Version 1.7.4
Zend Framework
Version 1.7.5
Zend Framework
Version 1.7.6
Zend Framework
Version 1.7.7
Zend Framework
Version 1.7.8
Zend Framework
Version 1.7.9
Zend Framework
Version 1.8.0
Zend Framework
Version 1.8.1
Zend Framework
Version 1.8.2
Zend Framework
Version 1.8.3
Zend Framework
Version 1.8.4
Zend Framework
Version 1.8.5
Zend Framework
Version 1.9.0
Zend Framework
Version 1.9.1
Zend Framework
Version 1.9.2
Zend Framework
Version 1.9.3
Zend Framework
Version 1.9.4
Zend Framework
Version 1.9.5
Zend Framework
Version 1.9.6
Zend Framework
Version 1.9.7
Zend Framework
Version 1.9.8

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.