Zend Framework 'Zend_XmlRpc' Class Information Disclosure Vulnerability

Zend Framework is prone to an information-disclosure vulnerability.

Successful exploit of this issue allows an attacker to gain access to certain local files. Information obtained may aid in further attacks.

Zend Framework versions prior to 1.11.12 and 1.12.0 are vulnerable.

NOTE: This document previously covered with Magento and Zend Framework affected products. The Magento has been moved to BID 57140 (Magento 'Zend_XmlRpc' Class Information Disclosure Vulnerability) to better document it.


Privacy Statement
Copyright 2010, SecurityFocus