Several Zend Products Vulnerable to XXE and XEE attacks

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

XML External Entity (XXE) Processing

zendframework/zendRest and zendframework/zendservice-amazon are vulnerable to XML external entity XXE processing attacks. The attacks exist because they do not properly scan the validity of the XML result data string in the construct function of Result.php and the validity of the http response bo...