CVE-2012-6532 Information

Description

(1) Zend_Dom (2) Zend_Feed (3) Zend_Soap and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration aka an XML Entity Expansion (XEE) attack.

Reference

http://framework.zend.com/security/advisory/ZF2012-02 http://www.mandriva.com/security/advisories?name=MDVSA-2013:115