Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05)
From: Vincent Danen <vdanen () redhat com>
Date: Wed, 19 Dec 2012 21:46:29 -0700

There doesn't seem to be a CVE for this issue.  Could one be assigned?
Thanks.


A vulnerability was reported in Zend Framework versions prior to 1.11.15
and 1.12.1, which can be exploited to disclose certain sensitive
information.  This flaw is caused due to an error in the "Zend_Feed_Rss"
and "Zend_Feed_Atom" classes of the "Zend_Feed" component, when
processing XML data.  It can be used to disclose the contents of certain
local files by sending specially crafted XML data including external
entity references.


References:
http://framework.zend.com/security/advisory/ZF2012-05
https://bugzilla.redhat.com/show_bug.cgi?id=889037
http://secunia.com/advisories/51583

--
Vincent Danen / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]