FreeBSD : Zend Framework -- Multiple vulnerabilities via XXE injection (ec34d0c2-1799-11e2-b4ab-000c29033c32)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Zend Framework team reports :

The XmlRpc package of Zend Framework is vulnerable to XML eXternal
Entity Injection attacks (both server and client). The
SimpleXMLElement class (SimpleXML PHP extension) is used in an
insecure way to parse XML data. External entities can be specified by
adding a specific DOCTYPE element to XML-RPC requests. By exploiting
this vulnerability an application may be coerced to open arbitrary
files and/or TCP connections.

Additionally, the Zend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc
components are vulnerable to XML Entity Expansion (XEE) vectors,
leading to Denial of Service vectors. XEE attacks occur when the XML
DOCTYPE declaration includes XML entity definitions that contain
either recursive or circular references; this leads to CPU and memory
consumption, making Denial of Service exploits trivial to implement.

See also :

http://www.nessus.org/u?a8588fbd
http://framework.zend.com/security/advisory/ZF2012-01
http://framework.zend.com/security/advisory/ZF2012-02
http://www.openwall.com/lists/oss-security/2012/06/26/2
http://www.magentocommerce.com/download/release_notes
http://www.nessus.org/u?e26f5b43

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 62571 ()

Bugtraq ID:

CVE ID: CVE-2012-3363

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now