Issue Type: Bug Created: 2012-12-13T14:19:06.000+0000 Last Updated: 2012-12-18T18:40:54.000+0000 Status: Resolved Fix version(s): - 1.11.15 (18/Dec/12)
Reporter: Yury (ymaryshev) Assignee: Matthew Weier O'Phinney (matthew) Tags: Related issues: Attachments:
---[ Vulnerable software]
Zend Framework Version: 1.12.0 and earlier
Severity level: Medium Impact: XML External Entity Injection (XXE) Attack vector: Remote
CVSS v2 Base Score: 6.4 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P) CVE: N/A
---[ Vulnerability description]
The specialists of the Positive Research center have detected a XXE Injection vulnerability in Zend Framework. XXE Injection is possible during import of RSS documents in Zend Framework. An attacker is able to read an arbitrary file on the target system.
Example: $channel = new Zend_Feed_Rss('http://example.com/rss.xml'); echo $channel->title();
rss.xml content:]> FILE:&x; ... ---[ How to fix ]
There is no solution available.
Vulnerability was detected by Yury Dyachenko (Positive Research Center)
Posted by Matthew Weier O'Phinney (matthew) on 2012-12-18T18:40:54.000+0000
Fixed on trunk, release-1.11, and release-1.12 branches.
Have you found an issue?
See the Overview section for more details.