First published: Thu May 02 2013
The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/zendframework/zendframework1 | >=1.12.0-rc1<1.12.1 | 1.12.1 |
composer/zendframework/zendframework1 | <1.11.15 | 1.11.15 |
Zend Zend Framework | =1.11.0 | |
Zend Zend Framework | =1.11.1 | |
Zend Zend Framework | =1.11.2 | |
Zend Zend Framework | =1.11.3 | |
Zend Zend Framework | =1.11.4 | |
Zend Zend Framework | =1.11.5 | |
Zend Zend Framework | =1.11.6 | |
Zend Zend Framework | =1.11.7 | |
Zend Zend Framework | =1.11.8 | |
Zend Zend Framework | =1.11.9 | |
Zend Zend Framework | =1.11.10 | |
Zend Zend Framework | =1.11.11 | |
Zend Zend Framework | =1.11.12 | |
Zend Zend Framework | =1.11.13 | |
Zend Zend Framework | =1.12.0 | |