CVE-2011-3825
Published: 2011-09-24
Priority: P4 · 12 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.26% (66.0th percentile)
Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zend | framework | — | — |
| zend | server | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
osv · 5.0 · MEDIUM
GHSA
GHSA-fhjm-rh64-w3x4: Zend Framework 1
ghsa_unreviewed·2022-05-17
CVE-2011-3825 [MEDIUM] CWE-200 GHSA-fhjm-rh64-w3x4: Zend Framework 1
OSV
CVE-2011-3825: Zend Framework 1
osv·2011-09-24·CVSS 5.0
CVE-2011-3825 [MEDIUM] CVE-2011-3825: Zend Framework 1
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-3825 php-ZendFramework: Installation path disclosure via a direct request to a Validate.php file
bugzilla·2011-09-26·CVSS 5.0
CVE-2011-3825 [MEDIUM] CVE-2011-3825 php-ZendFramework: Installation path disclosure via a direct request to a Validate.php file
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-3825 to
the following vulnerability:
Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3825
[2] http://www.openwall.com/lists/oss-security/2011/06/27/6
[3] http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README
[4] http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Zend
Discussion:
Created php-ZendFramework tr
Bugzilla
CVE-2011-3825 php-ZendFramework: Installation path disclosure via a direct request to a Validate.php file [epel-6]
bugzilla·2011-09-26·CVSS 5.0
CVE-2011-3825 [MEDIUM] CVE-2011-3825 php-ZendFramework: Installation path disclosure via a direct request to a Validate.php file [epel-6]
epel-6 tracking bug for php-ZendFramework: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Bugzilla
CVE-2011-3825 php-ZendFramework: Installation path disclosure via a direct request to a Validate.php file [fedora-all]
bugzilla·2011-09-26·CVSS 5.0
CVE-2011-3825 [MEDIUM] CVE-2011-3825 php-ZendFramework: Installation path disclosure via a direct request to a Validate.php file [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=7413