CVE-2012-3363 in Zendالمعلومات

الملخص

بحسب MITRE

Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

حجز

14/06/2012

إفشاء

13/02/2013

الاعتدال

تمت الموافقة

إدخال

VDB-5595

CPE

جاهز

CWE

CWE-200 (مؤكد)

استغلال

تحميل

CVSS

9.1 (NVD)

EPSS

0.50248

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider, Telecommunication

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-3363
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-3363
CVE Details	https://www.cvedetails.com/cve/CVE-2012-3363/

التالي ▸نظرة عامة ◂ السابق

Do you want to use VulDB in your project?

Use the official API to access entries easily!