Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zend Framework 资源管理错误漏洞
Vulnerability Description
Zend Framework(ZF)是美国Zend公司开发的一套开源的PHP5开发框架,它主要用于开发Web程序和服务。 Zend Framework 1.11.13之前的1.x版本以及1.12.0之前的1.12.x版本中的(1)Zend_Dom,(2)Zend_Feed,(3)Zend_Soap,以及(4)Zend_XmlRpc中存在漏洞。通过XML DOCTYPE声明中的XML实体定义中的递归或循环引用,远程攻击者可利用该漏洞导致拒绝服务(CPU耗尽)。
CVSS Information
N/A
Vulnerability Type
N/A