Signature Detail

APP: Zend Technologies Zend Framework Zend_XmlRpc Information Disclosure

This signature detects attempts to exploit a known flaw in Zend Technologies Zend Framework. A successful attack can lead to unauthorized information disclosure.

Extended Description

Zend Framework is prone to an information-disclosure vulnerability. Successful exploit of this issue allows an attacker to gain access to certain local files. Information obtained may aid in further attacks. Zend Framework versions prior to 1.11.12 and 1.12.0 are vulnerable.

Affected Products

• Debian Linux 6.0 amd64
• Debian Linux 6.0 arm
• Debian Linux 6.0 ia-32
• Debian Linux 6.0 ia-64
• Debian Linux 6.0 mips
• Debian Linux 6.0 powerpc
• Debian Linux 6.0 s/390
• Debian Linux 6.0 sparc
• Magento Community Edition 1.7.0.1
• Magento Enterprise Edition 1.12.0.1
• Red Hat Fedora 16
• Red Hat Fedora 17
• Zend Zend Framework 1.10.2
• Zend Zend Framework 1.10.3
• Zend Zend Framework 1.10.4
• Zend Zend Framework 1.10.9
• Zend Zend Framework 1.11.3
• Zend Zend Framework 1.11.4
• Zend Zend Framework 1.11.6
• Zend Zend Framework 1.7
• Zend Zend Framework 1.7.0
• Zend Zend Framework 1.7.1
• Zend Zend Framework 1.7.2
• Zend Zend Framework 1.7.3
• Zend Zend Framework 1.7.4
• Zend Zend Framework 1.7.5
• Zend Zend Framework 1.7.6
• Zend Zend Framework 1.7.7
• Zend Zend Framework 1.7.8
• Zend Zend Framework 1.7.9
• Zend Zend Framework 1.8.0
• Zend Zend Framework 1.8.1
• Zend Zend Framework 1.8.2
• Zend Zend Framework 1.8.3
• Zend Zend Framework 1.8.5
• Zend Zend Framework 1.9.0
• Zend Zend Framework 1.9.1
• Zend Zend Framework 1.9.2
• Zend Zend Framework 1.9.3
• Zend Zend Framework 1.9.4
• Zend Zend Framework 1.9.4
• Zend Zend Framework 1.9.5
• Zend Zend Framework 1.9.6
• Zend Zend Framework 1.9.7
• Zend Zend Framework 1.9.8

References

• BugTraq: 54192
• CVE: CVE-2012-3363