Information disclosure in Zend Zend_framework
CVE-2012-5657
The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a…
Vulnerability class: Information Disclosure
EPSS: 0.007 (72.9th percentile) — read the EPSS interpretation.
Affected products
- Zend Zend_framework — versions 1.11.0, 1.11.1, 1.11.2
- N/a — versions n/a
Weakness classification (CWE)
References
- [oss-security] 20121219 CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05) (mailing-list, x_refsource_MLIST)
- DSA-2602 (vendor-advisory, x_refsource_DEBIAN)
- MDVSA-2013:115 (vendor-advisory, x_refsource_MANDRIVA)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- 51583 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- [oss-security] 20121219 Re: CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05) (mailing-list, x_refsource_MLIST)