CVE-2012-6532

Published: Feb 13, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.

Affected (59)

Products: Zend: Zend Framework

Zend

1 product

Zend Framework

Configuration A

59 vulnerable

Vulnerable Software	Affected Versions
Zend Zend Framework	Version 1.0.4
Zend Zend Framework	Version 1.10.0
Zend Zend Framework	Version 1.10.1
Zend Zend Framework	Version 1.10.2
Zend Zend Framework	Version 1.10.3
Zend Zend Framework	Version 1.10.4
Zend Zend Framework	Version 1.10.5
Zend Zend Framework	Version 1.10.6
Zend Zend Framework	Version 1.10.7
Zend Zend Framework	Version 1.10.8
Zend Zend Framework	Version 1.11.0
Zend Zend Framework	Version 1.11.10
Zend Zend Framework	Version 1.11.11
Zend Zend Framework	Version 1.11.12
Zend Zend Framework	Version 1.11.1
Zend Zend Framework	Version 1.11.2
Zend Zend Framework	Version 1.11.3
Zend Zend Framework	Version 1.11.4
Zend Zend Framework	Version 1.11.5
Zend Zend Framework	Version 1.11.6
Zend Zend Framework	Version 1.11.7
Zend Zend Framework	Version 1.11.8
Zend Zend Framework	Version 1.11.9
Zend Zend Framework	Version 1.12.0 rc1
Zend Zend Framework	Version 1.12.0 rc2
Zend Zend Framework	Version 1.12.0 rc3
Zend Zend Framework	Version 1.12.0 rc4
Zend Zend Framework	Version 1.5.0
Zend Zend Framework	Version 1.5.1
Zend Zend Framework	Version 1.5.2
Zend Zend Framework	Version 1.5.3
Zend Zend Framework	Version 1.6.0
Zend Zend Framework	Version 1.6.1
Zend Zend Framework	Version 1.6.2
Zend Zend Framework	Version 1.7.0
Zend Zend Framework	Version 1.7.1
Zend Zend Framework	Version 1.7.2
Zend Zend Framework	Version 1.7.3
Zend Zend Framework	Version 1.7.4
Zend Zend Framework	Version 1.7.5
Zend Zend Framework	Version 1.7.6
Zend Zend Framework	Version 1.7.7
Zend Zend Framework	Version 1.7.8
Zend Zend Framework	Version 1.7.9
Zend Zend Framework	Version 1.8.0
Zend Zend Framework	Version 1.8.1
Zend Zend Framework	Version 1.8.2
Zend Zend Framework	Version 1.8.3
Zend Zend Framework	Version 1.8.4
Zend Zend Framework	Version 1.8.5
Zend Zend Framework	Version 1.9.0
Zend Zend Framework	Version 1.9.1
Zend Zend Framework	Version 1.9.2
Zend Zend Framework	Version 1.9.3
Zend Zend Framework	Version 1.9.4
Zend Zend Framework	Version 1.9.5
Zend Zend Framework	Version 1.9.6
Zend Zend Framework	Version 1.9.7
Zend Zend Framework	Version 1.9.8

Related CWEs

CWE-399

References (4)

http://framework.zend.com/security/advisory/ZF2012-02

Source: cve@mitre.org

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2013:115

Source: cve@mitre.org

http://framework.zend.com/security/advisory/ZF2012-02

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2013:115

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.