Vulnerabilities > CVE-2012-5657 - Information Exposure vulnerability in Zend Framework
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2013-0061.NASL description Fixes for security relevant issue CVE-2012-5657 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-01-21 plugin id 63628 published 2013-01-21 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63628 title Fedora 16 : php-ZendFramework-1.12.1-1.fc16 (2013-0061) NASL family Fedora Local Security Checks NASL id FEDORA_2013-0057.NASL description Fixes for security relevant issue CVE-2012-5657 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-01-21 plugin id 63627 published 2013-01-21 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63627 title Fedora 17 : php-ZendFramework-1.12.1-1.fc17 (2013-0057) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2602.NASL description Yury Dyachenko discovered that Zend Framework uses the PHP XML parser in an insecure way, allowing attackers to open files and trigger HTTP requests, potentially accessing restricted information. last seen 2020-03-17 modified 2013-01-09 plugin id 63433 published 2013-01-09 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63433 title Debian DSA-2602-1 : zendframework - XML external entity inclusion NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3265.NASL description Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie. - CVE-2014-2681 Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some functions. This fix extends the incomplete one from CVE-2012-5657. - CVE-2014-2682 Lukas Reschke reported a failure to consider that the libxml_disable_entity_loader setting is shared among threads in the PHP-FPM case. This fix extends the incomplete one from CVE-2012-5657. - CVE-2014-2683 Lukas Reschke reported a lack of protection against XML Entity Expansion attacks in some functions. This fix extends the incomplete one from CVE-2012-6532. - CVE-2014-2684 Christian Mainka and Vladislav Mladenov from the Ruhr-University Bochum reported an error in the consumer last seen 2020-06-01 modified 2020-06-02 plugin id 83748 published 2015-05-21 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83748 title Debian DSA-3265-1 : zendframework - security update NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-115.NASL description Updated php-ZendFramework packages fix security vulnerabilities : Zend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc in Zend Framework before 1.11.13 and 1.12.0 are vulnerable to XML Entity Expansion (XEE) vectors, leading to Denial of Service vectors. XEE attacks occur when the XML DOCTYPE declaration includes XML entity definitions that contain either recursive or circular references; this leads to CPU and memory consumption, making Denial of Service exploits trivial to implement (ZF2012-02). A vulnerability was reported in Zend Framework versions prior to 1.11.15 and 1.12.1, which can be exploited to disclose certain sensitive information. This flaw is caused due to an error in the Zend_Feed_Rss and Zend_Feed_Atom classes of the Zend_Feed component, when processing XML data. It can be used to disclose the contents of certain local files by sending specially crafted XML data including external entity references (CVE-2012-5657, ZF2012-05). last seen 2020-06-01 modified 2020-06-02 plugin id 66127 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66127 title Mandriva Linux Security Advisory : php-ZendFramework (MDVSA-2013:115) NASL family Fedora Local Security Checks NASL id FEDORA_2013-0063.NASL description Fixes for security relevant issue CVE-2012-5657 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-01-21 plugin id 63629 published 2013-01-21 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63629 title Fedora 18 : php-ZendFramework-1.12.1-1.fc18 (2013-0063) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-153.NASL description The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. last seen 2020-06-01 modified 2020-06-02 plugin id 69712 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69712 title Amazon Linux AMI : php-ZendFramework (ALAS-2013-153) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-251.NASL description The previous zendframework upload incorrectly fixes CVE-2015-3154, causing a regression. This update corrects this problem. Thanks to Евгений Смолин (Evgeny Smolin) <[email protected]>. CVE-2012-6531 Pádraic Brady identified a weakness to handle the SimpleXMLElement zendframework class, allowing to remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack. CVE-2012-6532 Pádraic Brady found that remote attackers could cause a denial of service by CPU consumption, via recursive or circular references through an XML entity expansion (XEE) attack. CVE-2014-2681 Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some functions. This fix extends the incomplete one from CVE-2012-5657. CVE-2014-2682 Lukas Reschke reported a failure to consider that the libxml_disable_entity_loader setting is shared among threads in the PHP-FPM case. This fix extends the incomplete one from CVE-2012-5657. CVE-2014-2683 Lukas Reschke reported a lack of protection against XML Entity Expansion attacks in some functions. This fix extends the incomplete one from CVE-2012-6532. CVE-2014-2684 Christian Mainka and Vladislav Mladenov from the Ruhr-University Bochum reported an error in the consumer last seen 2020-03-17 modified 2015-06-22 plugin id 84297 published 2015-06-22 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84297 title Debian DLA-251-2 : zendframework regression update
References
- http://framework.zend.com/security/advisory/ZF2012-05
- http://openwall.com/lists/oss-security/2012/12/20/2
- http://openwall.com/lists/oss-security/2012/12/20/4
- http://secunia.com/advisories/51583
- http://www.debian.org/security/2012/dsa-2602
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:115