
Community News:
Zend Framework Security Upgrade (Zend_XmlRpc XXE Issue)
June 25, 2012 @ 21:20:09

Based on some recent issues found with the Zend_XmlRpc component of the Zend Framework, the project has released an update, version 1.11.12, that includes a fix for the component to prevent an XXE injection attack.

Zend_XmlRpc is vulnerable to XML eXternal Entity (XXE) Injection attacks. The SimpleXMLElement class (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections.

This security advisory describes the problem as well as the steps taken to correct it and provide the update. It is recommended that anyone using this component upgrade immediately to prevent issues. You can download the latest release from the Zend Framework download page.
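
A defensive parsing pattern for the issue described above, as an added example that is not taken from the advisory or the Zend Framework code base: a hypothetical helper, parseXmlRpcRequest(), refuses any request body that declares a DOCTYPE before handing it to SimpleXML. The sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not Zend Framework code): parse an XML-RPC request
// body and reject any document that carries a DOCTYPE declaration.
function parseXmlRpcRequest(string $xml): SimpleXMLElement
{
    if ($xml === '') {
        throw new InvalidArgumentException('Empty XML-RPC request');
    }
    // Before PHP 8.0, switch off libxml's external entity loader for this
    // parse; the function is deprecated from 8.0 on, so it is not called there.
    $restore = PHP_VERSION_ID < 80000 ? libxml_disable_entity_loader(true) : null;
    $prevErrors = libxml_use_internal_errors(true);
    try {
        $dom = new DOMDocument();
        // LIBXML_NONET forbids network access while parsing. LIBXML_NOENT and
        // LIBXML_DTDLOAD are deliberately not passed: they expand entities
        // and load external DTD subsets.
        if (!$dom->loadXML($xml, LIBXML_NONET)) {
            throw new InvalidArgumentException('Malformed XML-RPC request');
        }
        // XML-RPC needs no DTD, so any DOCTYPE node is grounds for rejection.
        foreach ($dom->childNodes as $node) {
            if ($node->nodeType === XML_DOCUMENT_TYPE_NODE) {
                throw new InvalidArgumentException('DOCTYPE not allowed in XML-RPC request');
            }
        }
        $request = simplexml_import_dom($dom);
        if (!$request instanceof SimpleXMLElement) {
            throw new InvalidArgumentException('Could not import XML-RPC request');
        }
        return $request;
    } finally {
        // Restore global libxml state so other code is unaffected.
        libxml_clear_errors();
        libxml_use_internal_errors($prevErrors);
        if ($restore !== null) {
            libxml_disable_entity_loader($restore);
        }
    }
}

// Constructed sample inputs: a plain request and one that declares a DOCTYPE.
$plain = '<?xml version="1.0"?><methodCall><methodName>demo.ping</methodName></methodCall>';
$withDoctype = '<?xml version="1.0"?><!DOCTYPE methodCall [<!ENTITY e "x">]>'
    . '<methodCall><methodName>&e;</methodName></methodCall>';
foreach ([$plain, $withDoctype] as $body) {
    try { echo 'accepted: ', parseXmlRpcRequest($body)->methodName, "\n"; }
    catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
}
```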


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework