First published: Wed Feb 13 2013(Updated: )
`Zend_XmlRpc` in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle `SimpleXMLElement` classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Zend Zend Framework | =1.0.0 | |
Zend Zend Framework | =1.0.0-rc1 | |
Zend Zend Framework | =1.0.0-rc2 | |
Zend Zend Framework | =1.0.0-rc2a | |
Zend Zend Framework | =1.0.0-rc3 | |
Zend Zend Framework | =1.0.1 | |
Zend Zend Framework | =1.0.2 | |
Zend Zend Framework | =1.0.3 | |
Zend Zend Framework | =1.0.4 | |
Zend Zend Framework | =1.5.0 | |
Zend Zend Framework | =1.5.0-pl | |
Zend Zend Framework | =1.5.0-pr | |
Zend Zend Framework | =1.5.0-rc1 | |
Zend Zend Framework | =1.5.0-rc2 | |
Zend Zend Framework | =1.5.0-rc3 | |
Zend Zend Framework | =1.5.1 | |
Zend Zend Framework | =1.5.2 | |
Zend Zend Framework | =1.5.3 | |
Zend Zend Framework | =1.6.0 | |
Zend Zend Framework | =1.6.0-rc1 | |
Zend Zend Framework | =1.6.0-rc2 | |
Zend Zend Framework | =1.6.0-rc3 | |
Zend Zend Framework | =1.6.1 | |
Zend Zend Framework | =1.6.2 | |
Zend Zend Framework | =1.7.0 | |
Zend Zend Framework | =1.7.0-pl1 | |
Zend Zend Framework | =1.7.0-pr | |
Zend Zend Framework | =1.7.1 | |
Zend Zend Framework | =1.7.2 | |
Zend Zend Framework | =1.7.3 | |
Zend Zend Framework | =1.7.3-pl1 | |
Zend Zend Framework | =1.7.4 | |
Zend Zend Framework | =1.7.5 | |
Zend Zend Framework | =1.7.6 | |
Zend Zend Framework | =1.7.7 | |
Zend Zend Framework | =1.7.8 | |
Zend Zend Framework | =1.7.9 | |
Zend Zend Framework | =1.8.0 | |
Zend Zend Framework | =1.8.0-a1 | |
Zend Zend Framework | =1.8.0-b1 | |
Zend Zend Framework | =1.8.1 | |
Zend Zend Framework | =1.8.2 | |
Zend Zend Framework | =1.8.3 | |
Zend Zend Framework | =1.8.4 | |
Zend Zend Framework | =1.8.4-pl1 | |
Zend Zend Framework | =1.8.5 | |
Zend Zend Framework | =1.9.0 | |
Zend Zend Framework | =1.9.0-a1 | |
Zend Zend Framework | =1.9.0-b1 | |
Zend Zend Framework | =1.9.0-rc1 | |
Zend Zend Framework | =1.9.1 | |
Zend Zend Framework | =1.9.2 | |
Zend Zend Framework | =1.9.3 | |
Zend Zend Framework | =1.9.3-pl1 | |
Zend Zend Framework | =1.9.4 | |
Zend Zend Framework | =1.9.5 | |
Zend Zend Framework | =1.9.6 | |
Zend Zend Framework | =1.9.7 | |
Zend Zend Framework | =1.9.8 | |
Zend Zend Framework | =1.10.0 | |
Zend Zend Framework | =1.10.0-alpha1 | |
Zend Zend Framework | =1.10.0-beta1 | |
Zend Zend Framework | =1.10.0-rc1 | |
Zend Zend Framework | =1.10.1 | |
Zend Zend Framework | =1.10.2 | |
Zend Zend Framework | =1.10.3 | |
Zend Zend Framework | =1.10.4 | |
Zend Zend Framework | =1.10.5 | |
Zend Zend Framework | =1.10.6 | |
Zend Zend Framework | =1.10.7 | |
Zend Zend Framework | =1.10.8 | |
Zend Zend Framework | =1.10.9 | |
Zend Zend Framework | =1.11.0 | |
Zend Zend Framework | =1.11.0-b1 | |
Zend Zend Framework | =1.11.0-rc1 | |
Zend Zend Framework | =1.11.1 | |
Zend Zend Framework | =1.11.2 | |
Zend Zend Framework | =1.11.3 | |
Zend Zend Framework | =1.11.4 | |
Zend Zend Framework | =1.11.5 | |
Zend Zend Framework | =1.11.6 | |
Zend Zend Framework | =1.11.7 | |
Zend Zend Framework | =1.11.8 | |
Zend Zend Framework | =1.11.9 | |
Zend Zend Framework | =1.11.10 | |
Zend Zend Framework | =1.11.11 | |
Zend Zend Framework | =1.12.0-rc1 | |
Zend Zend Framework | =1.12.0-rc2 | |
Zend Zend Framework | =1.12.0-rc3 | |
Zend Zend Framework | =1.12.0-rc4 | |
Zend Zend Framework | >=1.0.0<1.11.12 | |
Fedoraproject Fedora | =17 | |
Fedoraproject Fedora | =18 | |
Debian Debian Linux | =6.0 | |
composer/zendframework/zendframework1 | >=1.0.0<1.11.12 | 1.11.12 |
composer/zendframework/zendframework1 | >=1.12.0-rc1<1.12.0 | 1.12.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.