CVE-2012-6531

Published: 13 February 2013

(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.

Priority

Status

Package	Release	Status
zend-framework Launchpad, Ubuntu, Debian	artful	Does not exist
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hardy	Ignored (end of life)
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	lucid	Ignored (end of life)
	mantic	Does not exist
	oneiric	Ignored (end of life)
	precise	Ignored (end of life)
	quantal	Ignored (end of life)
	raring	Ignored (end of life)
	saucy	Ignored (end of life)
	trusty	Does not exist (trusty was needed)
	upstream	Released (1.11.13, 1.12.0)
	utopic	Ignored (end of life)
	vivid	Ignored (end of life)
	wily	Ignored (end of life)
	xenial	Needed
	yakkety	Ignored (end of life)
	zesty	Does not exist
zendframework Launchpad, Ubuntu, Debian	artful	Not vulnerable
	bionic	Not vulnerable
	cosmic	Not vulnerable
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	mantic	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Needed
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Not vulnerable

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2012-6531

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading