CVE-2012-6532
Zend Framework XEE Vulnerability
EPSS 0.47%
Description
(1) `Zend_Dom`, (2) `Zend_Feed`, (3) `Zend_Soap`, and (4) `Zend_XmlRpc` in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.
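The mitigation pattern for this class of bug is to refuse any document whose DOCTYPE declares entities before the application ever walks or expands it. The PHP below is an added illustration, not Zend Framework's own patch; the function name `parseXmlWithoutEntities` and the use of `RuntimeException` are assumptions, and both input documents are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

/**
 * Parse XML with DOMDocument while refusing any entity declarations.
 * Added example, not Zend Framework code: function name and exception
 * type are assumptions. Entity references are left unexpanded (no
 * LIBXML_NOENT) so the DOCTYPE can be inspected before anything is
 * evaluated, and LIBXML_NONET blocks fetching external DTDs/entities.
 */
function parseXmlWithoutEntities(string $xml): DOMDocument
{
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $loaded = $doc->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    if ($loaded === false) {
        throw new RuntimeException('XML is not well formed');
    }

    // Any <!ENTITY ...> in the internal subset shows up here; reject
    // the document outright rather than trying to bound expansion.
    $doctype = $doc->doctype;
    if ($doctype !== null && $doctype->entities->length > 0) {
        throw new RuntimeException(sprintf(
            'Refusing XML with %d entity declaration(s) in its DOCTYPE',
            $doctype->entities->length
        ));
    }

    return $doc;
}

// Constructed inputs: a plain document and one whose DOCTYPE defines
// nested entities (the shape the CVE text describes).
$benign = '<?xml version="1.0"?><root><item>ok</item></root>';
$expanding = <<<'XML'
<?xml version="1.0"?>
<!DOCTYPE root [
  <!ENTITY a "aaaaaaaaaa">
  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
]>
<root>&c;</root>
XML;

foreach (['benign' => $benign, 'expanding' => $expanding] as $label => $input) {
    try {
        parseXmlWithoutEntities($input);
        echo "$label: accepted\n";
    } catch (RuntimeException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

The benign document is accepted and the entity-declaring one is rejected before its references are ever substituted. Applying the same guard in front of every place an application hands untrusted XML to a DOM, feed, SOAP or XML-RPC parser is what removes the CPU-consumption path described above.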
How to fix CVE-2012-6532
To remediate CVE-2012-6532, upgrade the affected package to a fixed version below.
- Packagist/zendframework/zendframework1: upgrade to 1.11.13 or later
Is CVE-2012-6532 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- zendframework/zendframework1: >= 1.0, < 1.11.13