Vulnerability Report

CVE-2012-5657

Title: Zend Zend Framework XML External Entity (XXE)

XXE

Proof Of Concept

No public PoC currently indexed for CVE-2012-5657.

CWE Category CWE-200
Published Date May 02, 2013
Modified Date Apr 29, 2026
Exploit Status Not Found
Score 5.0 CVSS v2.0
Exploit Probability (EPSS)
0.72%

Vulnerability Summary

CVE-2012-5657: The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.

Impacted Vendors

Z
zend 1

Reference Links

http://framework.zend.com/security/advisory/ZF2012-05 http://openwall.com/lists/oss-security/2012/12/20/2 http://openwall.com/lists/oss-security/2012/12/20/4 http://secunia.com/advisories/51583 http://www.debian.org/security/2012/dsa-2602 http://www.mandriva.com/security/advisories?name=MDVSA-2013:115 http://framework.zend.com/security/advisory/ZF2012-05 http://openwall.com/lists/oss-security/2012/12/20/2 http://openwall.com/lists/oss-security/2012/12/20/4 http://secunia.com/advisories/51583 http://www.debian.org/security/2012/dsa-2602 http://www.mandriva.com/security/advisories?name=MDVSA-2013:115
CVSS v2.0
Source Entity [email protected]
Severity MEDIUM
5.0
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:L/Au:N/C:P/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2012-5657 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected Stack

No specific products linked.