Resource management error in Zend Framework - CVE-2012-6532

Published: February 13, 2013 / Updated: August 11, 2020


Vulnerability identifier: #VU43095
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2012-6532
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Zend
Affected software:
Zend Framework

Detailed vulnerability description

The vulnerability allows a remote, unauthenticated attacker to cause a denial of service.

(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.


How to mitigate CVE-2012-6532

Install update from vendor's website.
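As an added illustration of the hardening that the vendor fix applies (this is example code, not Zend Framework's own): untrusted XML is screened for a DOCTYPE carrying entity declarations before it reaches the parser, so recursive or circular entity definitions are never expanded. The function names and the two sample documents are constructed for this example.

```php
<?php
// Added example (not Zend Framework code): reject XML that declares internal
// entities before handing it to DOMDocument, so an XML Entity Expansion
// payload in the DOCTYPE is never expanded by libxml.

function containsEntityDeclaration(string $xml): bool
{
    // Internal entities can only be declared inside a DOCTYPE.
    if (stripos($xml, '<!DOCTYPE') === false) {
        return false;
    }
    // Fail closed: any ENTITY declaration is rejected, even one that
    // appears inside a comment or CDATA section (false positives are fine,
    // untrusted input has no legitimate need to define entities).
    return stripos($xml, '<!ENTITY') !== false;
}

function loadUntrustedXml(string $xml): DOMDocument
{
    if (containsEntityDeclaration($xml)) {
        throw new InvalidArgumentException('XML with entity declarations is not accepted');
    }
    $previous = libxml_use_internal_errors(true);
    $dom = new DOMDocument();
    // LIBXML_NONET blocks network fetches; LIBXML_NOENT is deliberately
    // NOT passed, so entity references stay unexpanded in any case.
    $ok = $dom->loadXML($xml, LIBXML_NONET);
    $errors = libxml_get_errors();
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if ($ok === false) {
        $msg = isset($errors[0]) ? trim($errors[0]->message) : 'unknown error';
        throw new InvalidArgumentException('Malformed XML: ' . $msg);
    }
    return $dom;
}

// Constructed sample inputs: a plain XML-RPC call and a document whose
// DOCTYPE declares an entity (a single, non-recursive one for illustration).
$benign     = '<?xml version="1.0"?><methodCall><methodName>ping</methodName></methodCall>';
$withEntity = '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY a "x">]><r>&a;</r>';

foreach ([$benign, $withEntity] as $input) {
    try {
        $dom = loadUntrustedXml($input);
        echo "accepted: root element <" . $dom->documentElement->tagName . ">\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: " . $e->getMessage() . "\n";
    }
}
```

The string check assumes the input is already in UTF-8 (or another ASCII-compatible encoding); documents received in UTF-16 or similar encodings should be converted to UTF-8 first, otherwise the DOCTYPE marker will not be found.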

Sources