Lucene search

K
nessusTenable9144.PRM
HistoryMar 15, 2016 - 12:00 a.m.

Zend Framework 1.12.x < 1.12.4 / 2.1.x < 2.1.6 / 2.2.x < 2.2.6 Multiple XEE DoS

2016-03-1500:00:00
Tenable
www.tenable.com
13

Versions of Zend Framework 1.12.x earlier than 1.12.4, 2.1.x earlier than 2.1.6, or 2.2.x earlier than 2.2.6 are exposed to XEE (XML Entity Expansion) injection flaws that exist in multiple functions and are triggered during the parsing of XML data via DOCTYPE declarations. The issue is due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. By sending specially crafted XML data, a remote attacker can cause a denial of service.

Binary data 9144.prm