Critical severity 9.1 · NVD Advisory · Published Feb 13, 2013 · Updated Jun 16, 2026
CVE-2012-3363
Description
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| zendframework/zendframework1 (Packagist) | >= 1.0.0, < 1.11.12 | 1.11.12 |
| zendframework/zendframework1 (Packagist) | >= 1.12.0-rc1, < 1.12.0 | 1.12.0 |
Affected products
- cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:* (range: >=1.0.0,<1.11.12)
- cpe:2.3:a:zend:zend_framework:1.12.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:1.12.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:1.12.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_framework:1.12.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
References
- framework.zend.com/security/advisory/ZF2012-01 (nvd; Vendor Advisory; WEB)
- www.securitytracker.com/id (nvd; Broken Link, Third Party Advisory, VDB Entry; WEB)
- github.com/advisories/GHSA-7pg4-5233-82jv (ghsa; ADVISORY)
- moodle.org/mod/forum/discuss.php (nvd; Third Party Advisory; WEB)
- nvd.nist.gov/vuln/detail/CVE-2012-3363 (ghsa; ADVISORY)
- lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html (nvd; Mailing List; WEB)
- lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html (nvd; Mailing List; WEB)
- openwall.com/lists/oss-security/2013/03/25/2 (nvd; Mailing List; WEB)
- www.debian.org/security/2012/dsa-2505 (nvd; Mailing List; WEB)
- www.openwall.com/lists/oss-security/2012/06/26/2 (nvd; Mailing List; WEB)
- www.openwall.com/lists/oss-security/2012/06/26/4 (nvd; Mailing List; WEB)
- www.openwall.com/lists/oss-security/2012/06/27/2 (nvd; Mailing List; WEB)
- github.com/zendframework/zf1/commit/281a3251d71ed40a5289ec4afc355eea8e014dc5 (ghsa; WEB)
- web.archive.org/web/20170223044943/http://www.securitytracker.com/id (ghsa; WEB)
- www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt (nvd; Broken Link; WEB)