(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Zend_framework | Zend | 1.0.4 (including) | 1.0.4 (including) |
| Zend_framework | Zend | 1.5.0 (including) | 1.5.0 (including) |
| Zend_framework | Zend | 1.5.1 (including) | 1.5.1 (including) |
| Zend_framework | Zend | 1.5.2 (including) | 1.5.2 (including) |
| Zend_framework | Zend | 1.5.3 (including) | 1.5.3 (including) |
| Zend_framework | Zend | 1.6.0 (including) | 1.6.0 (including) |
| Zend_framework | Zend | 1.6.1 (including) | 1.6.1 (including) |
| Zend_framework | Zend | 1.6.2 (including) | 1.6.2 (including) |
| Zend_framework | Zend | 1.7.0 (including) | 1.7.0 (including) |
| Zend_framework | Zend | 1.7.1 (including) | 1.7.1 (including) |
| Zend_framework | Zend | 1.7.2 (including) | 1.7.2 (including) |
| Zend_framework | Zend | 1.7.3 (including) | 1.7.3 (including) |
| Zend_framework | Zend | 1.7.4 (including) | 1.7.4 (including) |
| Zend_framework | Zend | 1.7.5 (including) | 1.7.5 (including) |
| Zend_framework | Zend | 1.7.6 (including) | 1.7.6 (including) |
| Zend_framework | Zend | 1.7.7 (including) | 1.7.7 (including) |
| Zend_framework | Zend | 1.7.8 (including) | 1.7.8 (including) |
| Zend_framework | Zend | 1.7.9 (including) | 1.7.9 (including) |
| Zend_framework | Zend | 1.8.0 (including) | 1.8.0 (including) |
| Zend_framework | Zend | 1.8.1 (including) | 1.8.1 (including) |
| Zend_framework | Zend | 1.8.2 (including) | 1.8.2 (including) |
| Zend_framework | Zend | 1.8.3 (including) | 1.8.3 (including) |
| Zend_framework | Zend | 1.8.4 (including) | 1.8.4 (including) |
| Zend_framework | Zend | 1.8.5 (including) | 1.8.5 (including) |
| Zend_framework | Zend | 1.9.0 (including) | 1.9.0 (including) |
| Zend_framework | Zend | 1.9.1 (including) | 1.9.1 (including) |
| Zend_framework | Zend | 1.9.2 (including) | 1.9.2 (including) |
| Zend_framework | Zend | 1.9.3 (including) | 1.9.3 (including) |
| Zend_framework | Zend | 1.9.4 (including) | 1.9.4 (including) |
| Zend_framework | Zend | 1.9.5 (including) | 1.9.5 (including) |
| Zend_framework | Zend | 1.9.6 (including) | 1.9.6 (including) |
| Zend_framework | Zend | 1.9.7 (including) | 1.9.7 (including) |
| Zend_framework | Zend | 1.9.8 (including) | 1.9.8 (including) |
| Zend_framework | Zend | 1.10.0 (including) | 1.10.0 (including) |
| Zend_framework | Zend | 1.10.1 (including) | 1.10.1 (including) |
| Zend_framework | Zend | 1.10.2 (including) | 1.10.2 (including) |
| Zend_framework | Zend | 1.10.3 (including) | 1.10.3 (including) |
| Zend_framework | Zend | 1.10.4 (including) | 1.10.4 (including) |
| Zend_framework | Zend | 1.10.5 (including) | 1.10.5 (including) |
| Zend_framework | Zend | 1.10.6 (including) | 1.10.6 (including) |
| Zend_framework | Zend | 1.10.7 (including) | 1.10.7 (including) |
| Zend_framework | Zend | 1.10.8 (including) | 1.10.8 (including) |
| Zend_framework | Zend | 1.11.0 (including) | 1.11.0 (including) |
| Zend_framework | Zend | 1.11.1 (including) | 1.11.1 (including) |
| Zend_framework | Zend | 1.11.2 (including) | 1.11.2 (including) |
| Zend_framework | Zend | 1.11.3 (including) | 1.11.3 (including) |
| Zend_framework | Zend | 1.11.4 (including) | 1.11.4 (including) |
| Zend_framework | Zend | 1.11.5 (including) | 1.11.5 (including) |
| Zend_framework | Zend | 1.11.6 (including) | 1.11.6 (including) |
| Zend_framework | Zend | 1.11.7 (including) | 1.11.7 (including) |
| Zend_framework | Zend | 1.11.8 (including) | 1.11.8 (including) |
| Zend_framework | Zend | 1.11.9 (including) | 1.11.9 (including) |
| Zend_framework | Zend | 1.11.10 (including) | 1.11.10 (including) |
| Zend_framework | Zend | 1.11.11 (including) | 1.11.11 (including) |
| Zend_framework | Zend | 1.11.12 (including) | 1.11.12 (including) |
| Zend_framework | Zend | 1.12.0-rc1 (including) | 1.12.0-rc1 (including) |
| Zend_framework | Zend | 1.12.0-rc2 (including) | 1.12.0-rc2 (including) |
| Zend_framework | Zend | 1.12.0-rc3 (including) | 1.12.0-rc3 (including) |
| Zend_framework | Zend | 1.12.0-rc4 (including) | 1.12.0-rc4 (including) |
| Zend-framework | Ubuntu | esm-apps/xenial | * |
| Zend-framework | Ubuntu | hardy | * |
| Zend-framework | Ubuntu | lucid | * |
| Zend-framework | Ubuntu | oneiric | * |
| Zend-framework | Ubuntu | precise | * |
| Zend-framework | Ubuntu | quantal | * |
| Zend-framework | Ubuntu | raring | * |
| Zend-framework | Ubuntu | saucy | * |
| Zend-framework | Ubuntu | trusty | * |
| Zend-framework | Ubuntu | upstream | * |
| Zend-framework | Ubuntu | utopic | * |
| Zend-framework | Ubuntu | vivid | * |
| Zend-framework | Ubuntu | wily | * |
| Zend-framework | Ubuntu | xenial | * |
| Zend-framework | Ubuntu | yakkety | * |
| Zendframework | Ubuntu | upstream | * |