CVE-2014-2681 in Frameworkinformation

Résumé (Anglaise)

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Réserver

30/03/2014

Divulgation

15/11/2014

Statut

Confirmé

Entrées

VulDB provides additional information and datapoints for this CVE:

IDVulnérabilitéCWEExpConCVE
68622Zend Framework XML déni de service19Non prouvéeCorrectif officielCVE-2014-2681
12716Zend Framework ZendOpenId/Zend_OpenId19Non prouvéeCorrectif officielCVE-2014-2681
12715Zend Framework XML loadXML/xml_parse19Non prouvéeCorrectif officielCVE-2014-2681

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

Sources

PrécédentAperçuSuivant

Want to know what is going to be exploited?

We predict KEV entries!