Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2014-0151
HistoryApr 03, 2014 - 4:43 a.m.

Updated php-ZendFramework packages fix multiple vulnerabilities

2014-04-0304:43:46
Gentoo Foundation
advisories.mageia.org
21

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.3%

JSON

Updated php-ZendFramework packages fix security vulnerabilities: XML eXternal Entity (XXE) and XML Entity Expansion (XEE) flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform other more advanced XML External Entity (XXE) attacks (CVE-2014-2681, CVE-2014-2682, CVE-2014-2683). Using the Consumer component of Zend_OpenId, it is possible to login using an arbitrary OpenID account (without knowing any secret information) by using a malicious OpenID Provider. That means OpenID it is possible to login using arbitrary OpenID Identity (MyOpenID, Google, etc), which are not under the control of our own OpenID Provider. Thus, we are able to impersonate any OpenID Identity against the framework (CVE-2014-2684, CVE-2014-2685).

Related

openvas 17
fedora 8
nessus 10
amazon 1
securityvulns 5
osv 7
debian 4
veracode 4
cvelist 5
nvd 5
cve 5
ubuntucve 5
prion 5
github 3
openvas
openvas
Fedora Update for php-ZendFramework FEDORA-2014-4603
2014-04-15 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-377)
2015-09-08 00:00:00
Fedora Update for php-ZendFramework2 FEDORA-2014-4612
2014-04-15 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: php-ZendFramework-1.12.5-1.fc20
2014-04-14 22:36:10
[SECURITY] Fedora 20 Update: php-ZendFramework2-2.2.7-1.fc20
2014-05-28 23:52:16
[SECURITY] Fedora 20 Update: php-ZendFramework2-2.2.6-1.fc20
2014-04-14 22:45:44
nessus
nessus
Fedora 20 : php-ZendFramework2-2.2.6-1.fc20 (2014-4612)
2014-04-15 00:00:00
Fedora 19 : php-ZendFramework-1.12.5-1.fc19 (2014-4603)
2014-04-15 00:00:00
Amazon Linux AMI : php-ZendFramework (ALAS-2014-377)
2014-10-12 00:00:00
amazon
amazon
Important: php-ZendFramework
2014-07-23 13:39:00
securityvulns
securityvulns
[ MDVSA-2014:072 ] php-ZendFramework
2014-05-05 00:00:00
[ MDVSA-2015:097 ] php-ZendFramework
2015-05-12 00:00:00
[SECURITY] [DSA 3265-1] zendframework security update
2015-06-08 00:00:00
osv
osv
zendframework - security update
2015-05-20 00:00:00
zendframework - regression update
2015-05-20 00:00:00
zendframework - regression update
2015-06-23 00:00:00
debian
debian
[SECURITY] [DSA 3265-2] zendframework regression update
2015-05-24 11:55:24
[SECURITY] [DSA 3265-1] zendframework security update
2015-05-20 09:37:25
[SECURITY] [DLA 251-1] zendframework security update
2015-06-20 18:40:57
veracode
veracode
Xml Entity Expansion (XEE)
2017-07-30 03:57:23
Authentication Bypass
2017-07-30 23:11:29
Bypassing Authentication And Spoofing Arbitrary OpenID Identities
2017-07-29 12:01:20
cvelist
cvelist
CVE-2014-2685
2014-09-04 17:00:00
CVE-2014-2684
2014-11-16 00:00:00
CVE-2014-2683
2014-11-16 00:00:00
nvd
nvd
CVE-2014-2685
2014-09-04 17:55:04
CVE-2014-2684
2014-11-16 00:59:04
CVE-2014-2682
2014-11-16 00:59:02
cve
cve
CVE-2014-2685
2014-09-04 17:55:04
CVE-2014-2684
2014-11-16 00:59:04
CVE-2014-2683
2014-11-16 00:59:03
ubuntucve
ubuntucve
CVE-2014-2685
2014-09-04 00:00:00
CVE-2014-2684
2014-11-16 00:00:00
CVE-2014-2682
2014-11-16 00:00:00
prion
prion
Authentication flaw
2014-09-04 17:55:00
Authentication flaw
2014-11-16 00:59:00
Xxe
2014-11-16 00:59:00
github
github
Several Zend Products Vulnerable to XXE and XEE attacks
2022-05-14 00:56:24
Several Zend Products Vulnerable to XXE and XEE attacks
2022-05-14 00:56:24
Several Zend Products Vulnerable to XXE and XEE attacks
2022-05-14 00:56:24

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.3%

JSON
Related for MGASA-2014-0151
openvas17fedora8nessus10amazon1securityvulns5osv7debian4veracode4cvelist5nvd5cve5ubuntucve5prion5github3