CVE-2012-3363 - XXE vulnerability in multiple products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | NONE |
Summary
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
Exploit-Db
description | Zend Framework Local File Disclosure. CVE-2012-3363. Webapps exploit for php platform |
id | EDB-ID:19408 |
last seen | 2016-02-02 |
modified | 2012-06-27 |
published | 2012-06-27 |
reporter | SEC Consult |
source | https://www.exploit-db.com/download/19408/ |
title | Zend Framework Local File Disclosure |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-2505.NASL |
description | An XML External Entities inclusion vulnerability was discovered in Zend Framework, a PHP library. This vulnerability may allow attackers to access local files, depending on how the framework is used. |
last seen | 2020-03-17 |
modified | 2012-07-03 |
plugin id | 59824 |
published | 2012-07-03 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/59824 |
title | Debian DSA-2505-1 : zendframework - information disclosure |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2013-4387.NASL |
description | Fix for CVEs: CVE-2012-3363 CVE-2013-1830 CVE-2013-1831 CVE-2013-1832 CVE-2013-1833 CVE-2013-1834 CVE-2013-1835 CVE-2013-1836 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-17 |
modified | 2013-04-03 |
plugin id | 65775 |
published | 2013-04-03 |
reporter | This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/65775 |
title | Fedora 18 : moodle-2.3.6-1.fc18 (2013-4387) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2013-4404.NASL |
description | Fix for CVEs: CVE-2012-3363 CVE-2013-1830 CVE-2013-1831 CVE-2013-1832 CVE-2013-1833 CVE-2013-1834 CVE-2013-1835 CVE-2013-1836 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-17 |
modified | 2013-04-03 |
plugin id | 65777 |
published | 2013-04-03 |
reporter | This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/65777 |
title | Fedora 17 : moodle-2.2.9-1.fc17 (2013-4404) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2012-9978.NASL |
description | Update to 1.11.12 which fixes security issue ZF2012-01: Local file disclosure via XXE injection in Zend_XmlRpc Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-17 |
modified | 2012-07-16 |
plugin id | 59977 |
published | 2012-07-16 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/59977 |
title | Fedora 16 : php-ZendFramework-1.11.12-1.fc16 (2012-9978) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_EC34D0C2179911E2B4AB000C29033C32.NASL |
description | The Zend Framework team reports : The XmlRpc package of Zend Framework is vulnerable to XML eXternal Entity Injection attacks (both server and client). The SimpleXMLElement class (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections. Additionally, the Zend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc components are vulnerable to XML Entity Expansion (XEE) vectors, leading to Denial of Service vectors. XEE attacks occur when the XML DOCTYPE declaration includes XML entity definitions that contain either recursive or circular references; this leads to CPU and memory consumption, making Denial of Service exploits trivial to implement. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 62571 |
published | 2012-10-17 |
reporter | This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/62571 |
title | FreeBSD : Zend Framework -- Multiple vulnerabilities via XXE injection (ec34d0c2-1799-11e2-b4ab-000c29033c32) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2012-9979.NASL |
description | Update to 1.11.12 which fixes security issue ZF2012-01: Local file disclosure via XXE injection in Zend_XmlRpc Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-17 |
modified | 2012-07-16 |
plugin id | 59978 |
published | 2012-07-16 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/59978 |
title | Fedora 17 : php-ZendFramework-1.11.12-1.fc17 (2012-9979) |
References
- http://framework.zend.com/security/advisory/ZF2012-01
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34284
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
- http://openwall.com/lists/oss-security/2013/03/25/2
- http://www.debian.org/security/2012/dsa-2505
- http://www.openwall.com/lists/oss-security/2012/06/26/2
- http://www.openwall.com/lists/oss-security/2012/06/26/4
- http://www.openwall.com/lists/oss-security/2012/06/27/2
- http://www.securitytracker.com/id?1027208
- https://moodle.org/mod/forum/discuss.php?d=225345
- https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt