CVE-2012-3363 in Zendinformazioni

Riassunto

di MITRE

Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

14/06/2012

Divulgazione

13/02/2013

Moderazione

accettato

Voce

VDB-5595

CPE

pronto

CWE

CWE-200 (confermato)

Sfruttamento

Scaricare

CVSS

9.1 (NVD)

EPSS

0.50248

KEV

Attività

molto basso

Settore

Telecommunication, Hostingprovider

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-3363
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-3363
CVE Details	https://www.cvedetails.com/cve/CVE-2012-3363/

◂ Precedente Visione D'ensemble Il prossimo ▸

Do you need the next level of professionalism?

Upgrade your account now!