CVE-2012-5657 in Zend Framework信息

摘要 (英语)

The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.

预定

2012-10-24

披露

2013-05-02

条目

VulDB provides additional information and datapoints for this CVE:

标识符	漏洞	CWE	可利用	对策	CVE
7186	Zend Framework Zend_Feed_Rss XXE 信息公开	200	概念验证	官方修复	CVE-2012-5657
7185	Zend Framework import 信息公开	200	概念验证	官方修复	CVE-2012-5657

描述

CPE

CWE

CVSS

漏洞利用

历史

差异

连接

威胁情报

API JSON

API XML

API CSV

◂ 上一步一览下一步 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!