Описание
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
Ссылки
- Vendor Advisory
- Patch
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party Advisory
- Broken Link
- Vendor Advisory
- Patch
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
Уязвимые конфигурации
Одно из
Одно из
EPSS
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
Связанные уязвимости
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.1 ...
EPSS
9.1 Critical
CVSS3
6.4 Medium
CVSS2