Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2013-02-13T17:00:00
Updated: 2024-08-06T20:05:12.421Z
Reserved: 2012-06-14T00:00:00
Link: CVE-2012-3363
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-02-13T17:55:01.320
Modified: 2024-11-21T01:40:42.670
Link: CVE-2012-3363
Redhat
No data.