CVE Database

CVE-2012-5657

Impact: Moderate
Public: 2012-12-19
Bugzilla: 889037: CVE-2012-5657 php-ZendFramework: information disclosure flaw due to error when processing XML data

Details

The MITRE CVE dictionary describes this issue as:

The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.

Find out more about CVE-2012-5657 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score: 4.3
Base Metrics: AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform Errata Release Date

External References

http://framework.zend.com/security/advisory/ZF2012-05

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.