What is the severity of CVE-2012-6532?

CVE-2012-6532 has been classified as a denial of service vulnerability, specifically affecting CPU consumption.

How do I fix CVE-2012-6532?

To address CVE-2012-6532, upgrade to Zend Framework version 1.12.0 or 1.11.13.

Which versions of Zend Framework are affected by CVE-2012-6532?

CVE-2012-6532 affects Zend Framework 1.x versions prior to 1.11.13 and 1.12.x prior to 1.12.0.

What components are impacted by CVE-2012-6532?

The components impacted by CVE-2012-6532 include Zend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc within Zend Framework.

Can CVE-2012-6532 be exploited remotely?

Yes, CVE-2012-6532 can be exploited by remote attackers through recursive or circular references in XML entity definitions.

Vulnerability/
CVE-2012-6532

medium

CWE

776 611 399

13/2/2013

17/5/2022

6/8/2024

CVE-2012-6532: XEE

First published: Wed Feb 13 2013(Updated: )

(1) `Zend_Dom`, (2) `Zend_Feed`, (3) `Zend_Soap`, and (4) `Zend_XmlRpc` in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
composer/zendframework/zendframework1	>=1.12.0-rc1<1.12.0	1.12.0
composer/zendframework/zendframework1	>=1.0<1.11.13	1.11.13
Zend Framework	=1.0.4
Zend Framework	=1.5.0
Zend Framework	=1.5.1
Zend Framework	=1.5.2
Zend Framework	=1.5.3
Zend Framework	=1.6.0
Zend Framework	=1.6.1
Zend Framework	=1.6.2
Zend Framework	=1.7.0
Zend Framework	=1.7.1
Zend Framework	=1.7.2
Zend Framework	=1.7.3
Zend Framework	=1.7.4
Zend Framework	=1.7.5
Zend Framework	=1.7.6
Zend Framework	=1.7.7
Zend Framework	=1.7.8
Zend Framework	=1.7.9
Zend Framework	=1.8.0
Zend Framework	=1.8.1
Zend Framework	=1.8.2
Zend Framework	=1.8.3
Zend Framework	=1.8.4
Zend Framework	=1.8.5
Zend Framework	=1.9.0
Zend Framework	=1.9.1
Zend Framework	=1.9.2
Zend Framework	=1.9.3
Zend Framework	=1.9.4
Zend Framework	=1.9.5
Zend Framework	=1.9.6
Zend Framework	=1.9.7
Zend Framework	=1.9.8
Zend Framework	=1.10.0
Zend Framework	=1.10.1
Zend Framework	=1.10.2
Zend Framework	=1.10.3
Zend Framework	=1.10.4
Zend Framework	=1.10.5
Zend Framework	=1.10.6
Zend Framework	=1.10.7
Zend Framework	=1.10.8
Zend Framework	=1.11.0
Zend Framework	=1.11.1
Zend Framework	=1.11.2
Zend Framework	=1.11.3
Zend Framework	=1.11.4
Zend Framework	=1.11.5
Zend Framework	=1.11.6
Zend Framework	=1.11.7
Zend Framework	=1.11.8
Zend Framework	=1.11.9
Zend Framework	=1.11.10
Zend Framework	=1.11.11
Zend Framework	=1.11.12
Zend Framework	=1.12.0-rc1
Zend Framework	=1.12.0-rc2
Zend Framework	=1.12.0-rc3
Zend Framework	=1.12.0-rc4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-6532?
CVE-2012-6532 has been classified as a denial of service vulnerability, specifically affecting CPU consumption.
How do I fix CVE-2012-6532?
To address CVE-2012-6532, upgrade to Zend Framework version 1.12.0 or 1.11.13.
Which versions of Zend Framework are affected by CVE-2012-6532?
CVE-2012-6532 affects Zend Framework 1.x versions prior to 1.11.13 and 1.12.x prior to 1.12.0.
What components are impacted by CVE-2012-6532?
The components impacted by CVE-2012-6532 include Zend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc within Zend Framework.
Can CVE-2012-6532 be exploited remotely?
Yes, CVE-2012-6532 can be exploited by remote attackers through recursive or circular references in XML entity definitions.

agent/type
agent/references
agent/weakness
agent/severity
collector/github-advisory-latest
source/GitHub
alias/GHSA-jh4x-4wmf-67pr
alias/CVE-2012-6532
agent/software-canonical-lookup
agent/softwarecombine
agent/description
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
agent/author
package-manager/composer
vendor/zend
canonical/zend framework
version/zend framework/1.0.4
version/zend framework/1.5.0
version/zend framework/1.5.1
version/zend framework/1.5.2
version/zend framework/1.5.3
version/zend framework/1.6.0
version/zend framework/1.6.1
version/zend framework/1.6.2
version/zend framework/1.7.0
version/zend framework/1.7.1
version/zend framework/1.7.2
version/zend framework/1.7.3
version/zend framework/1.7.4
version/zend framework/1.7.5
version/zend framework/1.7.6
version/zend framework/1.7.7
version/zend framework/1.7.8
version/zend framework/1.7.9
version/zend framework/1.8.0
version/zend framework/1.8.1
version/zend framework/1.8.2
version/zend framework/1.8.3
version/zend framework/1.8.4
version/zend framework/1.8.5
version/zend framework/1.9.0
version/zend framework/1.9.1
version/zend framework/1.9.2
version/zend framework/1.9.3
version/zend framework/1.9.4
version/zend framework/1.9.5
version/zend framework/1.9.6
version/zend framework/1.9.7
version/zend framework/1.9.8
version/zend framework/1.10.0
version/zend framework/1.10.1
version/zend framework/1.10.2
version/zend framework/1.10.3
version/zend framework/1.10.4
version/zend framework/1.10.5
version/zend framework/1.10.6
version/zend framework/1.10.7
version/zend framework/1.10.8
version/zend framework/1.11.0
version/zend framework/1.11.1
version/zend framework/1.11.2
version/zend framework/1.11.3
version/zend framework/1.11.4
version/zend framework/1.11.5
version/zend framework/1.11.6
version/zend framework/1.11.7
version/zend framework/1.11.8
version/zend framework/1.11.9
version/zend framework/1.11.10
version/zend framework/1.11.11
version/zend framework/1.11.12
version/zend framework/1.12.0-rc1
version/zend framework/1.12.0-rc2
version/zend framework/1.12.0-rc3
version/zend framework/1.12.0-rc4