Vulnerabilities related to zend - zend_framework
CVE-2014-2684 (GCVE-0-2014-2684)
Vulnerability from cvelistv5
Published
2014-11-16 00:00
Modified
2024-08-06 10:21
CWE
- n/a
Summary
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values. In practice any relying party built on these consumer classes accepts an assertion signed by an attacker-controlled provider as if it came from the provider the user actually authenticated with; fixed in ZendOpenId 2.0.2 and Zend Framework 1.12.4 (vendor advisory ZF2014-02).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:21:36.004Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "name": "MDVSA-2014:072", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "name": "66358", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66358" }, { "name": "DSA-3265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://framework.zend.com/security/advisory/ZF2014-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "name": "MDVSA-2014:072", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "name": "66358", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66358" }, { "name": "DSA-3265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://framework.zend.com/security/advisory/ZF2014-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2684", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id 
values." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "name": "MDVSA-2014:072", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "name": "http://advisories.mageia.org/MGASA-2014-0151.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "name": "66358", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66358" }, { "name": "DSA-3265", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3265" }, { "name": "http://framework.zend.com/security/advisory/ZF2014-02", "refsource": "CONFIRM", "url": "http://framework.zend.com/security/advisory/ZF2014-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2684", "datePublished": "2014-11-16T00:00:00", "dateReserved": "2014-03-30T00:00:00", "dateUpdated": "2024-08-06T10:21:36.004Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-10034 (GCVE-0-2016-10034)
Vulnerability from cvelistv5
Published
2016-12-30 19:00
Modified
2024-08-06 03:07
CWE
- n/a
Summary
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, and 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address. Only applications that hand untrusted input to setFrom while using the Sendmail transport are exposed; public exploit code is listed in the references (Exploit-DB 40979, 40986, 42221), so unpatched installations should be treated as actively exploitable. Fixed in zend-mail 2.4.11 and 2.7.2 (vendor advisory ZF2016-04).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:31.976Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201804-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201804-10" }, { "name": "42221", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/42221/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://framework.zend.com/security/advisory/ZF2016-04" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html" }, { "name": "40979", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40979/" }, { "name": "1037539", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037539" }, { "name": "40986", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40986/" }, { "name": "95144", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95144" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \\\" (backslash double quote) in a crafted e-mail address." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-21T09:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-201804-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201804-10" }, { "name": "42221", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/42221/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://framework.zend.com/security/advisory/ZF2016-04" }, { "tags": [ "x_refsource_MISC" ], "url": "https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html" }, { "name": "40979", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40979/" }, { "name": "1037539", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037539" }, { "name": "40986", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40986/" }, { "name": "95144", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95144" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10034", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \\\" (backslash 
double quote) in a crafted e-mail address." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201804-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201804-10" }, { "name": "42221", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42221/" }, { "name": "https://framework.zend.com/security/advisory/ZF2016-04", "refsource": "CONFIRM", "url": "https://framework.zend.com/security/advisory/ZF2016-04" }, { "name": "https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html", "refsource": "MISC", "url": "https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html" }, { "name": "40979", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40979/" }, { "name": "1037539", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037539" }, { "name": "40986", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40986/" }, { "name": "95144", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95144" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10034", "datePublished": "2016-12-30T19:00:00", "dateReserved": "2016-12-23T00:00:00", "dateUpdated": "2024-08-06T03:07:31.976Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2681 (GCVE-0-2014-2681)
Vulnerability from cvelistv5
Published
2014-11-16 00:00
Modified
2024-08-06 10:21
CWE
- n/a
Summary
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers (server-side request forgery), and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657, so installations that were patched for the earlier CVE remain affected until upgraded to the versions listed here (vendor advisory ZF2014-01).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:21:36.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2014:072", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "name": "66358", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66358" }, { "name": "DSA-3265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://framework.zend.com/security/advisory/ZF2014-01" }, { "name": "[oss-security] 20140331 Re: CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q2/0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDVSA-2014:072", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "name": "66358", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66358" }, { "name": "DSA-3265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://framework.zend.com/security/advisory/ZF2014-01" }, { "name": "[oss-security] 20140331 Re: CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q2/0" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2681", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via 
an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2014:072", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "name": "http://advisories.mageia.org/MGASA-2014-0151.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "name": "66358", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66358" }, { "name": "DSA-3265", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3265" }, { "name": "http://framework.zend.com/security/advisory/ZF2014-01", "refsource": "CONFIRM", "url": "http://framework.zend.com/security/advisory/ZF2014-01" }, { "name": "[oss-security] 20140331 Re: CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/0" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2681", "datePublished": "2014-11-16T00:00:00", "dateReserved": "2014-03-30T00:00:00", "dateUpdated": "2024-08-06T10:21:36.060Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2683 (GCVE-0-2014-2683)
Vulnerability from cvelistv5
Published
2014-11-16 00:00
Modified
2024-08-06 10:21
CWE
- n/a
Summary
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532, so installations that were patched for the earlier CVE remain affected until upgraded to the versions listed here (vendor advisory ZF2014-01, the same advisory as CVE-2014-2681).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:21:36.135Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "name": "MDVSA-2014:072", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "name": "66358", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66358" }, { "name": "DSA-3265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://framework.zend.com/security/advisory/ZF2014-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "name": "MDVSA-2014:072", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "name": "66358", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66358" }, { "name": "DSA-3265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://framework.zend.com/security/advisory/ZF2014-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2683", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE 
declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "name": "MDVSA-2014:072", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "name": "http://advisories.mageia.org/MGASA-2014-0151.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "name": "66358", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66358" }, { "name": "DSA-3265", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3265" }, { "name": "http://framework.zend.com/security/advisory/ZF2014-01", "refsource": "CONFIRM", "url": "http://framework.zend.com/security/advisory/ZF2014-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2683", "datePublished": "2014-11-16T00:00:00", "dateReserved": "2014-03-30T00:00:00", "dateUpdated": "2024-08-06T10:21:36.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6532 (GCVE-0-2012-6532)
Vulnerability from cvelistv5
Published
2013-02-13 17:00
Modified
2024-08-06 21:28
CWE
- n/a
Summary
(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. Vendor advisory ZF2012-02; note that this fix was later found to be incomplete and is superseded by CVE-2014-2683 (ZF2014-01), so 1.11.13/1.12.0 alone should not be considered fully patched.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.917Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2013:115", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:115" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://framework.zend.com/security/advisory/ZF2012-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-06-26T00:00:00", "descriptions": [ { "lang": "en", "value": "(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-05-04T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDVSA-2013:115", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:115" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://framework.zend.com/security/advisory/ZF2012-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6532", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2013:115", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:115" }, { "name": "http://framework.zend.com/security/advisory/ZF2012-02", "refsource": "CONFIRM", "url": "http://framework.zend.com/security/advisory/ZF2012-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6532", "datePublished": "2013-02-13T17:00:00", "dateReserved": "2013-02-13T00:00:00", "dateUpdated": "2024-08-06T21:28:39.917Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-8088 (GCVE-0-2014-8088)
Vulnerability from cvelistv5
Published
2014-10-22 14:00
Modified
2024-08-06 13:10
CWE
- n/a
Summary
The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. Fixed in 1.12.9, 2.2.8 and 2.3.3; until patched, applications that authenticate users against LDAP through these classes should reject empty passwords and passwords containing a NUL byte before handing them to the LDAP bind, since the bind succeeding does not prove the supplied credential was checked.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:10:50.994Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2014-12344", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html" }, { "name": "[oss-security] 20141010 Re: CVE request: Zend Framework ZF2014-05 and ZF2014-06", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/10/5" }, { "name": "FEDORA-2014-12418", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html" }, { "name": "70378", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/70378" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "DSA-3265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "name": "zend-framework-cve20148088-sec-bypass(97038)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97038" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FEDORA-2014-12344", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html" }, { "name": "[oss-security] 20141010 Re: CVE request: Zend Framework ZF2014-05 and ZF2014-06", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/10/5" }, { "name": "FEDORA-2014-12418", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html" }, { "name": "70378", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/70378" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "DSA-3265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "name": "zend-framework-cve20148088-sec-bypass(97038)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97038" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8088", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a 
password starting with a null byte, which triggers an unauthenticated bind." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2014-12344", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html" }, { "name": "[oss-security] 20141010 Re: CVE request: Zend Framework ZF2014-05 and ZF2014-06", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/10/5" }, { "name": "FEDORA-2014-12418", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html" }, { "name": "70378", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70378" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "DSA-3265", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3265" }, { "name": "zend-framework-cve20148088-sec-bypass(97038)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97038" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8088", "datePublished": "2014-10-22T14:00:00", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2024-08-06T13:10:50.994Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-29312 (GCVE-0-2020-29312)
Vulnerability from cvelistv5
Published
2023-04-04 00:00
Modified
2025-02-18 17:08
CWE
- n/a
Summary
An issue found in Zend Framework v.3.1.3 and before allows a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 2020.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:48:01.931Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://zend.com" }, { "tags": [ "x_transferred" ], "url": "https://cowtransfer.com/s/f9684f004d7149" }, { "tags": [ "x_transferred" ], "url": "https://github.com/zendframework/zendframework" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-29312", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-14T17:26:52.717518Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-18T17:08:59.232Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 2020." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-15T21:37:07.002Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "http://zend.com" }, { "url": "https://cowtransfer.com/s/f9684f004d7149" }, { "url": "https://github.com/zendframework/zendframework" } ], "tags": [ "disputed" ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-29312", "datePublished": "2023-04-04T00:00:00.000Z", "dateReserved": "2020-11-27T00:00:00.000Z", "dateUpdated": "2025-02-18T17:08:59.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-4451 (GCVE-0-2012-4451)
Vulnerability from cvelistv5
Published
2020-01-03 16:03
Modified
2024-08-06 20:35
CWE
- Cross-Site Scripting
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
References
Impacted products
Vendor | Product | Version
---|---|---
Zend Technologies | Zend Framework | 2.0.x before 2.0.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:35:09.764Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=436210" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/oss-sec/2012/q3/571" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/oss-sec/2012/q3/573" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://framework.zend.com/security/advisory/ZF2012-03" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860738" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55636" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Zend Framework", "vendor": "Zend Technologies", "versions": [ { "status": "affected", "version": "2.0.x before 2.0.1" } ] } ], "datePublic": "2012-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\\PubSubHubbub, (3) Log\\Formatter\\Xml, (4) Tag\\Cloud\\Decorator, (5) Uri, (6) View\\Helper\\HeadStyle, (7) View\\Helper\\Navigation\\Sitemap, or (8) View\\Helper\\Placeholder\\Container\\AbstractStandalone, related to Escaper." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-03T16:03:03", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=436210" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/oss-sec/2012/q3/571" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/oss-sec/2012/q3/573" }, { "tags": [ "x_refsource_MISC" ], "url": "http://framework.zend.com/security/advisory/ZF2012-03" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860738" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/55636" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4451", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Zend Framework", "version": { "version_data": [ { "version_value": "2.0.x before 2.0.1" } ] } } ] }, "vendor_name": "Zend Technologies" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\\PubSubHubbub, (3) Log\\Formatter\\Xml, (4) Tag\\Cloud\\Decorator, (5) Uri, (6) View\\Helper\\HeadStyle, (7) View\\Helper\\Navigation\\Sitemap, or (8) View\\Helper\\Placeholder\\Container\\AbstractStandalone, related to Escaper." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10" }, { "name": "https://bugs.gentoo.org/show_bug.cgi?id=436210", "refsource": "MISC", "url": "https://bugs.gentoo.org/show_bug.cgi?id=436210" }, { "name": "http://seclists.org/oss-sec/2012/q3/571", "refsource": "MISC", "url": "http://seclists.org/oss-sec/2012/q3/571" }, { "name": "http://seclists.org/oss-sec/2012/q3/573", "refsource": "MISC", "url": "http://seclists.org/oss-sec/2012/q3/573" }, { "name": "http://framework.zend.com/security/advisory/ZF2012-03", "refsource": "MISC", "url": "http://framework.zend.com/security/advisory/ZF2012-03" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=860738", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860738" }, { "name": "https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733", "refsource": "MISC", "url": "https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733" }, { "name": "http://www.securityfocus.com/bid/55636", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/55636" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-4451", "datePublished": "2020-01-03T16:03:03", "dateReserved": "2012-08-21T00:00:00", "dateUpdated": "2024-08-06T20:35:09.764Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-5723 (GCVE-0-2015-5723)
Vulnerability from cvelistv5
Published
2016-06-07 14:00
Modified
2024-08-06 06:59
CWE
- n/a
Summary
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:59:04.234Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3369", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3369" }, { "name": "FEDORA-2016-8dc0af2c29", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://framework.zend.com/security/advisory/ZF2015-07" }, { "name": "FEDORA-2016-fa7e683c6e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-3369", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3369" }, { "name": "FEDORA-2016-8dc0af2c29", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://framework.zend.com/security/advisory/ZF2015-07" }, { "name": "FEDORA-2016-fa7e683c6e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5723", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes 
cache entries as code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3369", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3369" }, { "name": "FEDORA-2016-8dc0af2c29", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/" }, { "name": "http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html", "refsource": "CONFIRM", "url": "http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html" }, { "name": "http://framework.zend.com/security/advisory/ZF2015-07", "refsource": "CONFIRM", "url": "http://framework.zend.com/security/advisory/ZF2015-07" }, { "name": "FEDORA-2016-fa7e683c6e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-5723", "datePublished": "2016-06-07T14:00:00", "dateReserved": "2015-08-03T00:00:00", "dateUpdated": "2024-08-06T06:59:04.234Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-1786 (GCVE-0-2015-1786)
Vulnerability from cvelistv5
Published
2017-06-08 21:00
Modified
2024-08-06 04:54
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6, triggered via null or malformed token identifiers.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:54:16.104Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://framework.zend.com/changelog/2.3.6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207781" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-03-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-08T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://framework.zend.com/changelog/2.3.6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207781" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1786", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://framework.zend.com/changelog/2.3.6", "refsource": "CONFIRM", "url": "https://framework.zend.com/changelog/2.3.6" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1207781", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207781" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1786", "datePublished": "2017-06-08T21:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:16.104Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6531 (GCVE-0-2012-6531)
Vulnerability from cvelistv5
Published
2013-02-13 17:00
Modified
2024-09-16 19:56
CWE
- n/a
Summary
(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.820Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120627 Re: XXE in Zend", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/27/2" }, { "name": "DSA-2505", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2505" }, { "name": "[oss-security] 20120626 Re: XXE in Zend", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/4" }, { "name": "[oss-security] 20120626 XXE in Zend", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://framework.zend.com/security/advisory/ZF2012-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-02-13T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20120627 Re: XXE in Zend", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/27/2" }, { "name": "DSA-2505", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2505" }, { "name": "[oss-security] 20120626 Re: XXE in Zend", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/4" }, { "name": "[oss-security] 20120626 XXE in Zend", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://framework.zend.com/security/advisory/ZF2012-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6531", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120627 Re: XXE in Zend", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/06/27/2" }, { "name": "DSA-2505", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2505" }, { "name": "[oss-security] 20120626 Re: XXE in Zend", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/06/26/4" }, { "name": "[oss-security] 20120626 XXE in Zend", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/06/26/2" }, { "name": "http://framework.zend.com/security/advisory/ZF2012-01", "refsource": "CONFIRM", "url": "http://framework.zend.com/security/advisory/ZF2012-01" }, { "name": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt", "refsource": "MISC", "url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6531", "datePublished": "2013-02-13T17:00:00Z", "dateReserved": "2013-02-13T00:00:00Z", "dateUpdated": "2024-09-16T19:56:53.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-4914 (GCVE-0-2014-4914)
Vulnerability from cvelistv5
Published
2017-12-29 14:00
Modified
2024-08-06 11:34
CWE
- n/a
Summary
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:34:36.179Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "58847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58847" }, { "name": "[oss-security] 20140711 Re: Zend Framework CVEs", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/07/11/4" }, { "name": "JVN#71730320", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN71730320/index.html" }, { "name": "68031", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68031" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://framework.zend.com/security/advisory/ZF2014-04" }, { "name": "DSA-3265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2015/dsa-3265" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-30T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "58847", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58847" }, { "name": "[oss-security] 20140711 Re: Zend Framework CVEs", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/07/11/4" }, { "name": "JVN#71730320", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN71730320/index.html" }, { "name": "68031", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68031" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://framework.zend.com/security/advisory/ZF2014-04" }, { "name": "DSA-3265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2015/dsa-3265" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-4914", "datePublished": "2017-12-29T14:00:00", "dateReserved": "2014-07-11T00:00:00", "dateUpdated": "2024-08-06T11:34:36.179Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-4913 (GCVE-0-2014-4913)
Vulnerability from cvelistv5
Published
2019-12-15 21:24
Modified
2024-08-06 11:34
CWE
- Potential XSS vector in multiple view helpers
Summary
ZF2014-03 has a potential cross-site scripting vector in multiple view helpers.
References
Impacted products
Vendor | Product | Version
---|---|---
zendframework | zendframework | Fixed: Zend Framework 2.2.7; Zend Framework 2.3.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:34:36.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2014-4913" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2014-4913" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/11/4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66971" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://framework.zend.com/security/advisory/ZF2014-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "zendframework", "vendor": "zendframework", "versions": [ { "status": "affected", "version": "Fixed: Zend Framework 2.2.7" }, { "status": "affected", "version": "Zend Framework 2.3.1" } ] } ], "descriptions": [ { "lang": "en", "value": "ZF2014-03 has a potential cross site scripting vector in multiple view helpers" } ], "problemTypes": [ { "descriptions": [ { "description": "Potential XSS vector in multiple view helpers", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-15T21:24:36", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2014-4913" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2014-4913" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/11/4" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/66971" }, { "tags": [ "x_refsource_MISC" ], "url": "https://framework.zend.com/security/advisory/ZF2014-03" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": 
"secalert@redhat.com", "ID": "CVE-2014-4913", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "zendframework", "version": { "version_data": [ { "version_value": "Fixed: Zend Framework 2.2.7" }, { "version_value": "Zend Framework 2.3.1" } ] } } ] }, "vendor_name": "zendframework" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ZF2014-03 has a potential cross site scripting vector in multiple view helpers" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Potential XSS vector in multiple view helpers" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2014-4913", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2014-4913" }, { "name": "https://access.redhat.com/security/cve/cve-2014-4913", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2014-4913" }, { "name": "http://www.openwall.com/lists/oss-security/2014/07/11/4", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2014/07/11/4" }, { "name": "http://www.securityfocus.com/bid/66971", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/66971" }, { "name": "https://framework.zend.com/security/advisory/ZF2014-03", "refsource": "MISC", "url": "https://framework.zend.com/security/advisory/ZF2014-03" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-4913", "datePublished": "2019-12-15T21:24:36", "dateReserved": "2014-07-11T00:00:00", "dateUpdated": "2024-08-06T11:34:36.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7503 (GCVE-0-2015-7503)
Vulnerability from cvelistv5
Published
2017-10-10 16:00
Modified
2024-08-06 07:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.
References
- Vendor advisory ZF2015-10: https://framework.zend.com/security/advisory/ZF2015-10
- Red Hat Bugzilla 1283137: https://bugzilla.redhat.com/show_bug.cgi?id=1283137
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:51:28.216Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://framework.zend.com/security/advisory/ZF2015-10" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283137" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T15:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://framework.zend.com/security/advisory/ZF2015-10" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283137" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-7503", "datePublished": "2017-10-10T16:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:28.216Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-4861 (GCVE-0-2016-4861)
Vulnerability from cvelistv5
Published
2017-02-16 18:00
Modified
2024-08-06 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. This issue concerns the same two methods as CVE-2016-6233 (fixed in 1.12.19); deployments should upgrade to at least 1.12.20 so that both issues are addressed.
References
- Vendor advisory ZF2016-03: https://framework.zend.com/security/advisory/ZF2016-03
- FEDORA-2016-666d95d1d5: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/
- FEDORA-2016-7f193a0c59: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/
- FEDORA-2016-77e5105570: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/
- GLSA-201804-10: https://security.gentoo.org/glsa/201804-10
- Debian LTS DLA 1403-1: https://lists.debian.org/debian-lts-announce/2018/06/msg00012.html
- JVNDB-2016-000158: http://jvndb.jvn.jp/jvndb/JVNDB-2016-000158
- JVN#18926672: http://jvn.jp/en/jp/JVN18926672/index.html
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:46:38.449Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2016-666d95d1d5", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/" }, { "name": "GLSA-201804-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201804-10" }, { "name": "FEDORA-2016-7f193a0c59", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/" }, { "name": "FEDORA-2016-77e5105570", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/" }, { "name": "[debian-lts-announce] 20180628 [SECURITY] [DLA 1403-1] zendframework security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00012.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://framework.zend.com/security/advisory/ZF2016-03" }, { "name": "JVNDB-2016-000158", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000158" }, { "name": "JVN#18926672", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN18926672/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-08T00:00:00", "descriptions": [ { "lang": "en", 
"value": "The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-21T09:57:02", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "FEDORA-2016-666d95d1d5", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/" }, { "name": "GLSA-201804-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201804-10" }, { "name": "FEDORA-2016-7f193a0c59", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/" }, { "name": "FEDORA-2016-77e5105570", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/" }, { "name": "[debian-lts-announce] 20180628 [SECURITY] [DLA 1403-1] zendframework security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00012.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://framework.zend.com/security/advisory/ZF2016-03" }, { "name": "JVNDB-2016-000158", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000158" }, { "name": "JVN#18926672", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN18926672/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": 
"vultures@jpcert.or.jp", "ID": "CVE-2016-4861", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2016-666d95d1d5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/" }, { "name": "GLSA-201804-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201804-10" }, { "name": "FEDORA-2016-7f193a0c59", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/" }, { "name": "FEDORA-2016-77e5105570", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/" }, { "name": "[debian-lts-announce] 20180628 [SECURITY] [DLA 1403-1] zendframework security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00012.html" }, { "name": "https://framework.zend.com/security/advisory/ZF2016-03", "refsource": "CONFIRM", "url": "https://framework.zend.com/security/advisory/ZF2016-03" }, { "name": "JVNDB-2016-000158", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000158" }, { "name": "JVN#18926672", "refsource": "JVN", 
"url": "http://jvn.jp/en/jp/JVN18926672/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2016-4861", "datePublished": "2017-02-16T18:00:00", "dateReserved": "2016-05-17T00:00:00", "dateUpdated": "2024-08-06T00:46:38.449Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-8089 (GCVE-0-2014-8089)
Vulnerability from cvelistv5
Published
2020-02-17 21:39
Modified
2024-08-06 13:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
References
- Vendor advisory ZF2014-06: http://framework.zend.com/security/advisory/ZF2014-06
- oss-security thread: http://seclists.org/oss-sec/2014/q4/276
- Red Hat Bugzilla 1151277: https://bugzilla.redhat.com/show_bug.cgi?id=1151277
- BID 70011: http://www.securityfocus.com/bid/70011
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:10:50.852Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "70011", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/70011" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q4/276" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151277" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://framework.zend.com/security/advisory/ZF2014-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-17T21:39:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "70011", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/70011" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/oss-sec/2014/q4/276" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151277" }, { "tags": [ "x_refsource_MISC" ], "url": "http://framework.zend.com/security/advisory/ZF2014-06" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8089", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "70011", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70011" }, { "name": "http://seclists.org/oss-sec/2014/q4/276", "refsource": "MISC", "url": "http://seclists.org/oss-sec/2014/q4/276" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1151277", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151277" }, { "name": "http://framework.zend.com/security/advisory/ZF2014-06", "refsource": "MISC", "url": "http://framework.zend.com/security/advisory/ZF2014-06" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8089", "datePublished": "2020-02-17T21:39:04", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2024-08-06T13:10:50.852Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-6233 (GCVE-0-2016-6233)
Vulnerability from cvelistv5
Published
2017-02-16 18:00
Modified
2024-08-06 01:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. A second issue in the same two methods, CVE-2016-4861, was fixed in 1.12.20; deployments should upgrade to at least that version.
References
- Vendor advisory ZF2016-02: https://framework.zend.com/security/advisory/ZF2016-02
- FEDORA-2016-666d95d1d5: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/
- FEDORA-2016-7f193a0c59: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/
- FEDORA-2016-77e5105570: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/
- GLSA-201804-10: https://security.gentoo.org/glsa/201804-10
- BID 91802: http://www.securityfocus.com/bid/91802
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:22:20.678Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2016-666d95d1d5", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/" }, { "name": "GLSA-201804-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201804-10" }, { "name": "FEDORA-2016-7f193a0c59", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/" }, { "name": "FEDORA-2016-77e5105570", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://framework.zend.com/security/advisory/ZF2016-02" }, { "name": "91802", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91802" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\\w]* in a regular expression." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-21T09:57:02", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "FEDORA-2016-666d95d1d5", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/" }, { "name": "GLSA-201804-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201804-10" }, { "name": "FEDORA-2016-7f193a0c59", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/" }, { "name": "FEDORA-2016-77e5105570", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://framework.zend.com/security/advisory/ZF2016-02" }, { "name": "91802", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91802" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-6233", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\\w]* in a regular expression." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2016-666d95d1d5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/" }, { "name": "GLSA-201804-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201804-10" }, { "name": "FEDORA-2016-7f193a0c59", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/" }, { "name": "FEDORA-2016-77e5105570", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/" }, { "name": "https://framework.zend.com/security/advisory/ZF2016-02", "refsource": "CONFIRM", "url": "https://framework.zend.com/security/advisory/ZF2016-02" }, { "name": "91802", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91802" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-6233", "datePublished": "2017-02-16T18:00:00", "dateReserved": "2016-07-16T00:00:00", "dateUpdated": "2024-08-06T01:22:20.678Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1939 (GCVE-0-2011-1939)
Vulnerability from cvelistv5
Published
2019-11-26 21:17
Modified
2024-08-06 22:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- potential SQL injection vector when using PDO_MySql (ZF2011-02)
Summary
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP before 5.3.6.
References
- Vendor advisory ZF2011-02: https://framework.zend.com/security/advisory/ZF2011-02
- PHP bug 47802: https://bugs.php.net/bug.php?id=47802
- BID 47919: http://www.securityfocus.com/bid/47919
- Debian security tracker: https://security-tracker.debian.org/tracker/CVE-2011-1939
- Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1939
- Red Hat CVE page: https://access.redhat.com/security/cve/cve-2011-1939
- GLSA 201408-01: http://security.gentoo.org/glsa/glsa-201408-01.xml
Impacted products
Vendor | Product | Version
---|---|---
zendframework;PHP | zendframework | 1.10.x before 1.10.9; 1.11.x before 1.11.6
zendframework;PHP | PHP | before 5.3.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:46:00.810Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "47919", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47919" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-1939" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1939" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2011-1939" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201408-01.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://framework.zend.com/security/advisory/ZF2011-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.php.net/bug.php?id=47802" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "zendframework", "vendor": "zendframework;PHP", "versions": [ { "status": "affected", "version": "1.10.x before 1.10.9" }, { "status": "affected", "version": "1.11.x before 1.11.6" } ] }, { "product": "PHP", "vendor": "zendframework;PHP", "versions": [ { "status": "affected", "version": "before 5.3.6" } ] } ], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6." 
} ], "problemTypes": [ { "descriptions": [ { "description": "potential SQL injection vector when using PDO_MySql (ZF2011-02)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-26T21:17:37", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "47919", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47919" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-1939" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1939" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2011-1939" }, { "tags": [ "x_refsource_MISC" ], "url": "http://security.gentoo.org/glsa/glsa-201408-01.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://framework.zend.com/security/advisory/ZF2011-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.php.net/bug.php?id=47802" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1939", "datePublished": "2019-11-26T21:17:37", "dateReserved": "2011-05-09T00:00:00", "dateUpdated": "2024-08-06T22:46:00.810Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2682 (GCVE-0-2014-2682)
Vulnerability from cvelistv5
Published
2014-11-16 00:00
Modified
2024-08-06 10:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657.
References
- Vendor advisory ZF2014-01: http://framework.zend.com/security/advisory/ZF2014-01
- oss-security thread (CVE requests for ZF2014-01 and ZF2014-02): http://seclists.org/oss-sec/2014/q2/0
- MDVSA-2014:072: http://www.mandriva.com/security/advisories?name=MDVSA-2014:072
- MGASA-2014-0151: http://advisories.mageia.org/MGASA-2014-0151.html
- DSA-3265: http://www.debian.org/security/2015/dsa-3265
- BID 66358: http://www.securityfocus.com/bid/66358
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:21:36.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "name": "MDVSA-2014:072", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "name": "66358", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66358" }, { "name": "DSA-3265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://framework.zend.com/security/advisory/ZF2014-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "name": "MDVSA-2014:072", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "name": "66358", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66358" }, { "name": "DSA-3265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://framework.zend.com/security/advisory/ZF2014-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2682", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External 
Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "name": "MDVSA-2014:072", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "name": "http://advisories.mageia.org/MGASA-2014-0151.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "name": "66358", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66358" }, { "name": "DSA-3265", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3265" }, { "name": "http://framework.zend.com/security/advisory/ZF2014-01", "refsource": "CONFIRM", "url": "http://framework.zend.com/security/advisory/ZF2014-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2682", "datePublished": "2014-11-16T00:00:00", "dateReserved": "2014-03-30T00:00:00", "dateUpdated": "2024-08-06T10:21:36.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-3154 (GCVE-0-2015-3154)
Vulnerability from cvelistv5
Published
2020-01-27 15:02
Modified
2024-08-06 05:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CRLF Injection
Summary
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
References
- Vendor advisory ZF2015-04: http://framework.zend.com/security/advisory/ZF2015-04
Impacted products
Vendor | Product | Version
---|---|---
Zend Technologies | Zend Framework | before 1.12.12; 2.x before 2.3.8; 2.4.x before 2.4.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:39:31.844Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://framework.zend.com/security/advisory/ZF2015-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Zend Framework", "vendor": "Zend Technologies", "versions": [ { "status": "affected", "version": "before 1.12.12" }, { "status": "affected", "version": "2.x before 2.3.8" }, { "status": "affected", "version": "2.4.x before 2.4.1" } ] } ], "datePublic": "2015-05-07T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in Zend\\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email." } ], "problemTypes": [ { "descriptions": [ { "description": "CRLF Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-27T15:02:12", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://framework.zend.com/security/advisory/ZF2015-04" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3154", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Zend Framework", "version": { "version_data": [ { "version_value": "before 1.12.12" }, { "version_value": "2.x before 2.3.8" }, { "version_value": "2.4.x before 2.4.1" } ] } } ] }, "vendor_name": "Zend Technologies" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in Zend\\Mail (Zend_Mail) in Zend Framework before 
1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CRLF Injection" } ] } ] }, "references": { "reference_data": [ { "name": "http://framework.zend.com/security/advisory/ZF2015-04", "refsource": "CONFIRM", "url": "http://framework.zend.com/security/advisory/ZF2015-04" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3154", "datePublished": "2020-01-27T15:02:12", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:31.844Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-5161 (GCVE-0-2015-5161)
Vulnerability from cvelistv5
Published
2015-08-25 17:00
Modified
2024-08-06 06:41
CWE
- n/a
Summary
The Zend_Xml_Security::scan method in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:41:07.867Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html" }, { "name": "FEDORA-2015-13488", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt" }, { "name": "76177", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/76177" }, { "name": "FEDORA-2015-13529", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html" }, { "name": "37765", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/37765/" }, { "name": "FEDORA-2015-13314", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html" }, { "name": "DSA-3340", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3340" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://framework.zend.com/security/advisory/ZF2015-06" }, { "name": "20150813 Zend Framework \u003c= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2015/Aug/46" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2015-08-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-22T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html" }, { "name": "FEDORA-2015-13488", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt" }, { "name": "76177", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/76177" }, { "name": "FEDORA-2015-13529", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html" }, { "name": "37765", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/37765/" }, { "name": "FEDORA-2015-13314", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html" }, { "name": "DSA-3340", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3340" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://framework.zend.com/security/advisory/ZF2015-06" }, { "name": "20150813 Zend Framework \u003c= 2.4.2 XML eXternal Entity Injection 
(XXE) on PHP FPM", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2015/Aug/46" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-5161", "datePublished": "2015-08-25T17:00:00", "dateReserved": "2015-07-01T00:00:00", "dateUpdated": "2024-08-06T06:41:07.867Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2685 (GCVE-0-2014-2685)
Vulnerability from cvelistv5
Published
2014-09-04 17:00
Modified
2024-08-06 10:21
CWE
- n/a
Summary
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:21:36.026Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "name": "MDVSA-2014:072", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "name": "66358", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66358" }, { "name": "DSA-3265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://framework.zend.com/security/advisory/ZF2014-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "name": "MDVSA-2014:072", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "name": "66358", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66358" }, { "name": "DSA-3265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://framework.zend.com/security/advisory/ZF2014-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2685", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20140331 CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "name": "MDVSA-2014:072", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "name": "http://advisories.mageia.org/MGASA-2014-0151.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "name": "66358", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66358" }, { "name": "DSA-3265", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3265" }, { "name": "http://framework.zend.com/security/advisory/ZF2014-02", "refsource": "CONFIRM", "url": "http://framework.zend.com/security/advisory/ZF2014-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2685", "datePublished": "2014-09-04T17:00:00", "dateReserved": "2014-03-30T00:00:00", "dateUpdated": "2024-08-06T10:21:36.026Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3363 (GCVE-0-2012-3363)
Vulnerability from cvelistv5
Published
2013-02-13 17:00
Modified
2025-01-16 20:38
CWE
- n/a
Summary
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:12.421Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://moodle.org/mod/forum/discuss.php?d=225345" }, { "name": "FEDORA-2013-4387", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" }, { "name": "[oss-security] 20120627 Re: XXE in Zend", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/27/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-34284" }, { "name": "DSA-2505", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2505" }, { "name": "[oss-security] 20120626 Re: XXE in Zend", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/4" }, { "name": "FEDORA-2013-4404", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" }, { "name": "[oss-security] 20120626 XXE in Zend", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/2" }, { "name": "[oss-security] 20130325 Moodle security notifications public", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2013/03/25/2" }, { "name": "1027208", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027208" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://framework.zend.com/security/advisory/ZF2012-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2012-3363", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-16T20:38:37.378788Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-16T20:38:41.614Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-06-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-02T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://moodle.org/mod/forum/discuss.php?d=225345" }, { "name": "FEDORA-2013-4387", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" }, { "name": "[oss-security] 20120627 Re: XXE in Zend", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/27/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-34284" }, { "name": "DSA-2505", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2505" }, { "name": "[oss-security] 20120626 Re: XXE in Zend", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/4" }, { "name": "FEDORA-2013-4404", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" }, { "name": "[oss-security] 20120626 XXE in Zend", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/2" }, { "name": "[oss-security] 20130325 Moodle security notifications public", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2013/03/25/2" }, { "name": "1027208", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027208" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://framework.zend.com/security/advisory/ZF2012-01" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3363", "datePublished": "2013-02-13T17:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2025-01-16T20:38:41.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-5657 (GCVE-0-2012-5657)
Vulnerability from cvelistv5
Published
2013-05-02 14:00
Modified
2024-08-06 21:14
CWE
- n/a
Summary
The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:14:16.432Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20121219 CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2012/12/20/2" }, { "name": "DSA-2602", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2602" }, { "name": "MDVSA-2013:115", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:115" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://framework.zend.com/security/advisory/ZF2012-05" }, { "name": "51583", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51583" }, { "name": "[oss-security] 20121219 Re: CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2012/12/20/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-05-02T14:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20121219 CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2012/12/20/2" }, { "name": "DSA-2602", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2602" }, { "name": "MDVSA-2013:115", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:115" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://framework.zend.com/security/advisory/ZF2012-05" }, { "name": "51583", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51583" }, { "name": "[oss-security] 20121219 Re: CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2012/12/20/4" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5657", "datePublished": "2013-05-02T14:00:00Z", "dateReserved": "2012-10-24T00:00:00Z", "dateUpdated": "2024-08-06T21:14:16.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-3007 (GCVE-0-2021-3007)
Vulnerability from cvelistv5
Published
2021-01-04 02:26
Modified
2024-08-03 16:45
CWE
- n/a
Summary
Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer supported by the maintainer. NOTE: the laminas-http vendor considers this a "vulnerability in the PHP language itself" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized. NOTE: this CVE record is tagged as disputed; the 2.14.2 change is a type check only, so deserializing attacker-supplied data remains unsafe and should be avoided.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:45:50.691Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%20rce.md" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/laminas/laminas-http/commits/2.15.x/src/Response/Stream.php" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/laminas/laminas-http/pull/48" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/laminas/laminas-http/releases/tag/2.14.2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\\Http\\Response\\Stream class in Stream.php. NOTE: Zend Framework is no longer supported by the maintainer. 
NOTE: the laminas-http vendor considers this a \"vulnerability in the PHP language itself\" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-19T16:08:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%20rce.md" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/laminas/laminas-http/commits/2.15.x/src/Response/Stream.php" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/laminas/laminas-http/pull/48" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/laminas/laminas-http/releases/tag/2.14.2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-3007", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\\Http\\Response\\Stream class in Stream.php. NOTE: Zend Framework is no longer supported by the maintainer. 
NOTE: the laminas-http vendor considers this a \"vulnerability in the PHP language itself\" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%20rce.md", "refsource": "MISC", "url": "https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%20rce.md" }, { "name": "https://github.com/laminas/laminas-http/commits/2.15.x/src/Response/Stream.php", "refsource": "MISC", "url": "https://github.com/laminas/laminas-http/commits/2.15.x/src/Response/Stream.php" }, { "name": "https://github.com/laminas/laminas-http/pull/48", "refsource": "MISC", "url": "https://github.com/laminas/laminas-http/pull/48" }, { "name": "https://github.com/laminas/laminas-http/releases/tag/2.14.2", "refsource": "MISC", "url": "https://github.com/laminas/laminas-http/releases/tag/2.14.2" }, { "name": "https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/", "refsource": "MISC", "url": "https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3007", "datePublished": "2021-01-04T02:26:45", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-03T16:45:50.691Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7695 (GCVE-0-2015-7695)
Vulnerability from cvelistv5
Published
2016-06-07 14:00
Modified
2024-08-06 07:58
CWE
- n/a
Summary
The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:58:59.989Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20160930 Re: CVE Request: zendframework SQL injections", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/30/8" }, { "name": "DSA-3369", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3369" }, { "name": "[oss-security] 20161011 Re: CVE Request: zendframework SQL injections", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/10/11/3" }, { "name": "[oss-security] 20160930 CVE Request: zendframework SQL injections", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/30/6" }, { "name": "76784", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/76784" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://framework.zend.com/security/advisory/ZF2015-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20160930 Re: CVE Request: zendframework SQL injections", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/30/8" }, { "name": "DSA-3369", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3369" }, { "name": "[oss-security] 20161011 Re: CVE Request: zendframework SQL injections", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/10/11/3" }, { "name": "[oss-security] 20160930 CVE Request: zendframework SQL injections", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/30/6" }, { "name": "76784", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/76784" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://framework.zend.com/security/advisory/ZF2015-08" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7695", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20160930 Re: CVE Request: zendframework SQL injections", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/09/30/8" }, { "name": "DSA-3369", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3369" }, { "name": "[oss-security] 20161011 Re: CVE Request: zendframework SQL injections", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/10/11/3" }, { "name": "[oss-security] 20160930 CVE Request: zendframework SQL injections", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/09/30/6" }, { "name": "76784", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76784" }, { "name": "http://framework.zend.com/security/advisory/ZF2015-08", "refsource": "CONFIRM", "url": "http://framework.zend.com/security/advisory/ZF2015-08" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7695", "datePublished": "2016-06-07T14:00:00", "dateReserved": "2015-10-04T00:00:00", "dateUpdated": "2024-08-06T07:58:59.989Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-1555 (GCVE-0-2015-1555)
Vulnerability from cvelistv5
Published
2017-08-07 17:00
Modified
2024-08-06 04:47
CWE
- n/a
Summary
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9 and 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:47:16.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://framework.zend.com/security/advisory/ZF2015-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://framework.zend.com/security/advisory/ZF2015-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1555", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://framework.zend.com/security/advisory/ZF2015-01", "refsource": "CONFIRM", "url": "http://framework.zend.com/security/advisory/ZF2015-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1555", "datePublished": "2017-08-07T17:00:00", "dateReserved": "2015-02-07T00:00:00", "dateUpdated": "2024-08-06T04:47:16.960Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2019-11-26 22:15
Modified
2024-11-21 01:27
Summary
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP before 5.3.6.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201408-01.xml | Third Party Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/47919 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2011-1939 | Broken Link | |
secalert@redhat.com | https://bugs.php.net/bug.php?id=47802 | Exploit, Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1939 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://framework.zend.com/security/advisory/ZF2011-02 | Vendor Advisory | |
secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2011-1939 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201408-01.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47919 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2011-1939 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.php.net/bug.php?id=47802 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1939 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://framework.zend.com/security/advisory/ZF2011-02 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2011-1939 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | * | |
zend | zend_framework | * | |
php | php | * | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5191A23-BD5C-49FB-B76E-24BF59BE6E19", "versionEndExcluding": "1.10.9", "versionStartIncluding": "1.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5D309B4-171B-440F-9F85-E9F2F4C9F9AF", "versionEndExcluding": "1.11.6", "versionStartIncluding": "1.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAC569B2-A261-4D43-B677-F566568D42E9", "versionEndExcluding": "5.3.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Zend Framework versiones 1.10.x anteriores a la versi\u00f3n 1.10.9 y versiones 1.11.x anteriores a la versi\u00f3n 1.11.6, cuando son utilizadas codificaciones no compatibles con ASCII junto con PDO_MySql en PHP versiones anteriores a la versi\u00f3n 5.3.6." 
} ], "id": "CVE-2011-1939", "lastModified": "2024-11-21T01:27:21.067", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-26T22:15:14.133", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201408-01.xml" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/47919" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2011-1939" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://bugs.php.net/bug.php?id=47802" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1939" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"https://framework.zend.com/security/advisory/ZF2011-02" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-1939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201408-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/47919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2011-1939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://bugs.php.net/bug.php?id=47802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://framework.zend.com/security/advisory/ZF2011-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-1939" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-04 03:15
Modified
2024-11-21 06:20
Summary
Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer supported by the maintainer. NOTE: the laminas-http vendor considers this a "vulnerability in the PHP language itself" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%20rce.md | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/laminas/laminas-http/commits/2.15.x/src/Response/Stream.php | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/laminas/laminas-http/pull/48 | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/laminas/laminas-http/releases/tag/2.14.2 | Third Party Advisory | |
cve@mitre.org | https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%20rce.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laminas/laminas-http/commits/2.15.x/src/Response/Stream.php | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laminas/laminas-http/pull/48 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/laminas/laminas-http/releases/tag/2.14.2 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/ | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
getlaminas | laminas-http | * | |
zend | zend_framework | 3.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:getlaminas:laminas-http:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2E99556-4806-4485-B0BF-8C0069221705", "versionEndExcluding": "2.14.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E62B6FB7-619D-4CA0-BC7A-081DC506D311", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\\Http\\Response\\Stream class in Stream.php. NOTE: Zend Framework is no longer supported by the maintainer. NOTE: the laminas-http vendor considers this a \"vulnerability in the PHP language itself\" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized" }, { "lang": "es", "value": "** EN DISPUTA ** Laminas Project laminas-http versi\u00f3n anterior a 2.14.2, y Zend Framework versi\u00f3n 3.0.0, tiene una vulnerabilidad de deserializaci\u00f3n que puede llevar a la ejecuci\u00f3n remota de c\u00f3digo si el contenido es controlable, relacionado con el m\u00e9todo __destructura de la clase Zend\\Http\\Response\\Stream en Stream.php. NOTA: Zend Framework ya no est\u00e1 soportado por el mantenedor. 
NOTA: el proveedor de laminas-http considera esto como una \"vulnerabilidad en el propio lenguaje PHP\" pero ha a\u00f1adido cierto tipo de chequeo como una forma de prevenir la explotaci\u00f3n en casos de uso (no recomendado) donde los datos suministrados por el atacante pueden ser deserializados" } ], "id": "CVE-2021-3007", "lastModified": "2024-11-21T06:20:44.207", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-04T03:15:13.527", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%20rce.md" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/laminas/laminas-http/commits/2.15.x/src/Response/Stream.php" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/laminas/laminas-http/pull/48" 
}, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/laminas/laminas-http/releases/tag/2.14.2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%20rce.md" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/laminas/laminas-http/commits/2.15.x/src/Response/Stream.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/laminas/laminas-http/pull/48" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/laminas/laminas-http/releases/tag/2.14.2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-502" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-16 00:59
Modified
2025-04-12 10:46
Summary
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://advisories.mageia.org/MGASA-2014-0151.html | Third Party Advisory | |
cve@mitre.org | http://framework.zend.com/security/advisory/ZF2014-01 | Vendor Advisory | |
cve@mitre.org | http://seclists.org/oss-sec/2014/q2/0 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2015/dsa-3265 | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2014:072 | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/66358 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2014-0151.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://framework.zend.com/security/advisory/ZF2014-01 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q2/0 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3265 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2014:072 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/66358 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zendrest | * | |
zend | zend_framework | * | |
zend | zend_framework | * | |
zend | zend_framework | * | |
zend | zendservice_slideshare | * | |
zend | zendservice_api | * | |
zend | zendservice_audioscrobbler | * | |
zend | zendservice_amazon | * | |
zend | zendservice_technorati | * | |
zend | zendservice_windowsazure | * | |
zend | zendopenid | * | |
zend | zendservice_nirvanix | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendrest:*:*:*:*:*:*:*:*", "matchCriteriaId": "8355D554-59F8-40DE-BEED-9608E710689F", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "836B23B2-F868-4068-8CAE-F9E0C9844D35", "versionEndExcluding": "1.12.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "CADA4077-F8CC-44EB-854A-8397EEF4D99D", "versionEndExcluding": "2.1.6", "versionStartIncluding": "2.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "1211BC37-763D-4B18-87D8-6727CC049F81", "versionEndExcluding": "2.2.6", "versionStartIncluding": "2.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_slideshare:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EA03FE2-F2AF-4AAC-8699-B83428A177B9", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_api:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2BF3B28-536C-478F-8837-91AEAF4E182F", "versionEndIncluding": "1.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_audioscrobbler:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE7B01AC-43F4-46C7-ADFD-25EB628A3060", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_amazon:*:*:*:*:*:*:*:*", "matchCriteriaId": "48545222-B223-4056-8AE4-0462089A8FDD", "versionEndIncluding": "2.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:zend:zendservice_technorati:*:*:*:*:*:*:*:*", "matchCriteriaId": "01842993-10EC-49E4-BDC8-BB2379B0A938", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_windowsazure:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C20DCB6-DB3C-4D05-A80C-83E6A9E1BFDF", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendopenid:*:*:*:*:*:*:*:*", "matchCriteriaId": "255171B6-0A4C-4757-ADDA-28916398499C", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_nirvanix:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD90BDD0-0155-4D4C-AA05-FF87C6ABC47F", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657." 
}, { "lang": "es", "value": "Zend Framework 1 (ZF1) anterior a 1.12.4, Zend Framework 2 anterior a 2.1.6 y 2.2.x anterior a 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, y ZendService_WindowsAzure anterior a 2.0.2, ZendService_Amazon anterior a 2.0.2, ZendService_Amazon anterior a 2.0.3, y ZendService_Api anterior a 1.0.0 permite a atacantes remotos leer ficheros arbitrarios, enviar peticiones HTTP al servidor de una intranet, y posiblemente causar una denegaci\u00f3n de servicio (Consumo de CPU y memoria) a trav\u00e9s de un ataque XXE por XML. NOTA: este fallo existe porque no se corrigi\u00f3 CVE-2012-5657." } ], "id": "CVE-2014-2681", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-16T00:59:00.123", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2014-01" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/66358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2014-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/66358" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-19" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-10 16:29
Modified
2025-04-20 01:37
Summary
Zend Framework before 2.4.9, and zend-framework/zend-crypt 2.4.x before 2.4.9 and 2.5.x before 2.5.2, allow remote attackers to recover the RSA private key.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1283137 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://framework.zend.com/security/advisory/ZF2015-10 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1283137 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://framework.zend.com/security/advisory/ZF2015-10 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | 2.4.0 | |
zend | zend_framework | 2.4.1 | |
zend | zend_framework | 2.4.2 | |
zend | zend_framework | 2.4.3 | |
zend | zend_framework | 2.4.4 | |
zend | zend_framework | 2.4.5 | |
zend | zend_framework | 2.4.6 | |
zend | zend_framework | 2.4.7 | |
zend | zend_framework | 2.4.8 | |
zend | zend_framework | 2.5.0 | |
zend | zend_framework | 2.5.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CE2C2D7-D937-427B-9690-B1EA32314042", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "98145CC7-4F7E-40B2-BDD3-08AF81634AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "35909C93-F7B3-4072-9FB7-E806AFDB585C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "F8AFDDAC-A697-4F0C-9C1B-507A85DF8473", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "1F724D0C-0A0D-48A0-AE0B-A9645062AEF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BC1E6B1-1456-419E-9711-10EAD142FE6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "5CAF7D7C-EB8C-4EF7-BBAE-4D7E86FD8F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "2C6BBE4F-3EC6-415E-92DF-5663DD54D489", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "DA57B38C-E022-4C07-99DA-9C6824FB42C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8CF6A3D-A182-4800-89FA-44BC4ACD7291", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCDA71DB-7D92-47EC-A706-2A61ACDC7CEB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key." 
}, { "lang": "es", "value": "Zend Framework en versiones anteriores a la 2.4.9, zend-framework/zend-crypt en versiones 2.4.x anteriores a la 2.4.9 y 2.5.x anteriores a la 2.5.2 permite que atacantes remotos recuperen la clave privada RSA." } ], "id": "CVE-2015-7503", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-10T16:29:00.480", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283137" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://framework.zend.com/security/advisory/ZF2015-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://framework.zend.com/security/advisory/ZF2015-10" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-320" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-08-25 17:59
Modified
2025-04-12 10:46
Summary
The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://framework.zend.com/security/advisory/ZF2015-06 | Vendor Advisory | |
secalert@redhat.com | http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt | Exploit | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html | ||
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html | ||
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html | ||
secalert@redhat.com | http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html | Exploit | |
secalert@redhat.com | http://seclists.org/fulldisclosure/2015/Aug/46 | Exploit | |
secalert@redhat.com | http://www.debian.org/security/2015/dsa-3340 | ||
secalert@redhat.com | http://www.securityfocus.com/bid/76177 | Exploit | |
secalert@redhat.com | https://www.exploit-db.com/exploits/37765/ | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://framework.zend.com/security/advisory/ZF2015-06 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2015/Aug/46 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3340 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/76177 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/37765/ | Exploit |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | 1.0.0 | |
zend | zend_framework | 1.0.0 | |
zend | zend_framework | 1.0.0 | |
zend | zend_framework | 1.0.0 | |
zend | zend_framework | 1.0.0 | |
zend | zend_framework | 1.0.1 | |
zend | zend_framework | 1.0.2 | |
zend | zend_framework | 1.0.3 | |
zend | zend_framework | 1.0.4 | |
zend | zend_framework | 1.5.0 | |
zend | zend_framework | 1.5.0 | |
zend | zend_framework | 1.5.0 | |
zend | zend_framework | 1.5.1 | |
zend | zend_framework | 1.5.2 | |
zend | zend_framework | 1.5.3 | |
zend | zend_framework | 1.6.0 | |
zend | zend_framework | 1.6.0 | |
zend | zend_framework | 1.6.0 | |
zend | zend_framework | 1.6.0 | |
zend | zend_framework | 1.6.1 | |
zend | zend_framework | 1.6.2 | |
zend | zend_framework | 1.7.0 | |
zend | zend_framework | 1.7.0 | |
zend | zend_framework | 1.7.0 | |
zend | zend_framework | 1.7.1 | |
zend | zend_framework | 1.7.2 | |
zend | zend_framework | 1.7.3 | |
zend | zend_framework | 1.7.3 | |
zend | zend_framework | 1.7.4 | |
zend | zend_framework | 1.7.5 | |
zend | zend_framework | 1.7.6 | |
zend | zend_framework | 1.7.7 | |
zend | zend_framework | 1.7.8 | |
zend | zend_framework | 1.7.9 | |
zend | zend_framework | 1.8.0 | |
zend | zend_framework | 1.8.0 | |
zend | zend_framework | 1.8.0 | |
zend | zend_framework | 1.8.1 | |
zend | zend_framework | 1.8.2 | |
zend | zend_framework | 1.8.3 | |
zend | zend_framework | 1.8.4 | |
zend | zend_framework | 1.8.4 | |
zend | zend_framework | 1.8.5 | |
zend | zend_framework | 1.9.0 | |
zend | zend_framework | 1.9.0 | |
zend | zend_framework | 1.9.0 | |
zend | zend_framework | 1.9.0 | |
zend | zend_framework | 1.9.1 | |
zend | zend_framework | 1.9.2 | |
zend | zend_framework | 1.9.3 | |
zend | zend_framework | 1.9.3 | |
zend | zend_framework | 1.9.4 | |
zend | zend_framework | 1.9.5 | |
zend | zend_framework | 1.9.6 | |
zend | zend_framework | 1.9.7 | |
zend | zend_framework | 1.9.8 | |
zend | zend_framework | 1.10.0 | |
zend | zend_framework | 1.10.0 | |
zend | zend_framework | 1.10.0 | |
zend | zend_framework | 1.10.0 | |
zend | zend_framework | 1.10.1 | |
zend | zend_framework | 1.10.2 | |
zend | zend_framework | 1.10.3 | |
zend | zend_framework | 1.10.4 | |
zend | zend_framework | 1.10.5 | |
zend | zend_framework | 1.10.6 | |
zend | zend_framework | 1.10.7 | |
zend | zend_framework | 1.10.8 | |
zend | zend_framework | 1.10.9 | |
zend | zend_framework | 1.11.0 | |
zend | zend_framework | 1.11.0 | |
zend | zend_framework | 1.11.0 | |
zend | zend_framework | 1.11.1 | |
zend | zend_framework | 1.11.2 | |
zend | zend_framework | 1.11.3 | |
zend | zend_framework | 1.11.4 | |
zend | zend_framework | 1.11.5 | |
zend | zend_framework | 1.11.6 | |
zend | zend_framework | 1.11.7 | |
zend | zend_framework | 1.11.8 | |
zend | zend_framework | 1.11.9 | |
zend | zend_framework | 1.11.10 | |
zend | zend_framework | 1.11.11 | |
zend | zend_framework | 1.11.12 | |
zend | zend_framework | 1.11.13 | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.1 | |
zend | zend_framework | 1.12.2 | |
zend | zend_framework | 1.12.3 | |
zend | zend_framework | 1.12.4 | |
zend | zend_framework | 1.12.5 | |
zend | zend_framework | 1.12.6 | |
zend | zend_framework | 1.12.7 | |
zend | zend_framework | 1.12.8 | |
zend | zend_framework | 1.12.9 | |
zend | zend_framework | 1.12.10 | |
zend | zend_framework | 1.12.11 | |
zend | zend_framework | 1.12.12 | |
zend | zend_framework | 1.12.13 | |
zend | zend_framework | 2.0.0 | |
zend | zend_framework | 2.0.0 | |
zend | zend_framework | 2.0.0 | |
zend | zend_framework | 2.0.0 | |
zend | zend_framework | 2.0.0 | |
zend | zend_framework | 2.0.0 | |
zend | zend_framework | 2.0.0 | |
zend | zend_framework | 2.0.0 | |
zend | zend_framework | 2.0.1 | |
zend | zend_framework | 2.0.2 | |
zend | zend_framework | 2.0.3 | |
zend | zend_framework | 2.0.4 | |
zend | zend_framework | 2.0.5 | |
zend | zend_framework | 2.0.6 | |
zend | zend_framework | 2.0.7 | |
zend | zend_framework | 2.1.0 | |
zend | zend_framework | 2.1.1 | |
zend | zend_framework | 2.1.2 | |
zend | zend_framework | 2.1.3 | |
zend | zend_framework | 2.1.4 | |
zend | zend_framework | 2.1.5 | |
zend | zend_framework | 2.1.6 | |
zend | zend_framework | 2.2.0 | |
zend | zend_framework | 2.2.1 | |
zend | zend_framework | 2.2.2 | |
zend | zend_framework | 2.2.3 | |
zend | zend_framework | 2.2.4 | |
zend | zend_framework | 2.2.5 | |
zend | zend_framework | 2.2.6 | |
zend | zend_framework | 2.2.7 | |
zend | zend_framework | 2.2.8 | |
zend | zend_framework | 2.2.9 | |
zend | zend_framework | 2.2.10 | |
zend | zend_framework | 2.3.0 | |
zend | zend_framework | 2.3.1 | |
zend | zend_framework | 2.3.2 | |
zend | zend_framework | 2.3.3 | |
zend | zend_framework | 2.3.4 | |
zend | zend_framework | 2.3.5 | |
zend | zend_framework | 2.3.6 | |
zend | zend_framework | 2.3.7 | |
zend | zend_framework | 2.3.8 | |
zend | zend_framework | 2.3.9 | |
zend | zend_framework | 2.4.0 | |
zend | zend_framework | 2.4.1 | |
zend | zend_framework | 2.4.2 | |
zend | zend_framework | 2.4.3 | |
zend | zend_framework | 2.4.4 | |
zend | zend_framework | 2.4.5 | |
zend | zend_framework | 2.5.0 | |
zend | zend_framework | 2.5.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4C42B4F3-D79C-42DE-B86C-9E7612E71661", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "536CC39B-D305-492F-892C-6431BD7BA95F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "17673E8C-CB65-447E-8A6B-1083E6E77B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.0:rc2a:*:*:*:*:*:*", "matchCriteriaId": "CA85105D-B9FB-4147-87B7-4F4DD0324AE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "99C549AF-2C59-4D8E-B651-EA630C3B2975", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "50EF804C-102C-47F5-A85A-63EAA7EF9BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B648466-36AD-4EC0-BDE1-C976F697D58F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5C9DCE27-D2D1-4329-88F5-911DA763469C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1417EB1F-5342-443B-AC81-3256FCCE1BFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "BE350CD6-54CA-4BDF-9327-60F872098D68", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E3603D2F-91FE-4B12-A5BC-2F63E1612A39", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "04524F0F-6C21-4670-9B2C-A3B06C151799", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "01BD97A6-336A-4B8A-AFC5-C9EA1DDCCC8D", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:zend:zend_framework:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B636257-9941-4997-9525-F8C5A920AB8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "118C20B5-FC8D-4EBF-A7D7-975A568A31BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CEB67E5-D7D9-443A-9176-3104A9C068AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "20C61B54-2D08-45FD-A10A-34AD50EC3BED", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "1FD68242-67DB-4C1D-8265-7839976DBCEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9C32036E-14BC-48AE-92A4-9DDCC96EC557", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "F965C4F5-5F12-42CF-B120-758205E0E050", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "531B7A51-2B4C-4A50-A8C8-D81040FF6E31", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16D75279-B5A8-4C82-B2C0-C58DEF56A086", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.0:pl1:*:*:*:*:*:*", "matchCriteriaId": "EE99D584-E652-4B9F-BD2E-45A167B1524C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.0:pr:*:*:*:*:*:*", "matchCriteriaId": "0EE1CCE3-4AD0-4ABD-B4C9-5390F9CDB37F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "57D97342-CF37-486E-A3C9-FBA000F5A041", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "819E0C25-1413-4532-9427-24520E23C07B", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "F9A96DF1-81D9-4BD3-9E62-CEECE377406D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.3:pl1:*:*:*:*:*:*", "matchCriteriaId": "744FEDE8-5825-4C5C-887D-9ADCC9183AA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "DF957F4D-FDFD-419B-AD2B-02E572A3BA9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "000BAA0C-6546-4DEC-8B85-146508C19F5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "429128C9-689E-49EA-BD8C-138FC337AB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2096048C-7E4A-415E-AEBF-9AB7E8BCE894", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "9B72E45D-E298-45BD-9EE5-127D3EFEC17C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "07D06D35-CE63-456D-A970-5AE663175E8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "11459424-1BA2-44D0-B831-92BE6E2664E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.0:a1:*:*:*:*:*:*", "matchCriteriaId": "FACC0F56-C6CB-4BC7-946E-8077B2C90B2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.0:b1:*:*:*:*:*:*", "matchCriteriaId": "BB4F6AA5-8320-4451-9C8C-02D68FE4CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A847F7F6-18EF-44FB-9153-BD7D3223D6ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "EBE53880-D68C-49CB-BFE7-D1806AAD5C6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "45B7421E-E0C4-4594-AE81-4F3811CAAB33", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "1EABF4FA-D4A6-4C82-BF9C-A828B906F499", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.4:pl1:*:*:*:*:*:*", "matchCriteriaId": "1EA1EBE6-0E18-44FA-BE72-D6512E7409B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9F10191E-9EF7-47B8-9CDC-FCFE47AEFE50", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C3E24C3-21CC-4ED2-8669-5D94BD5D99AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.0:a1:*:*:*:*:*:*", "matchCriteriaId": "075019DE-CC38-4DFF-B869-5884A7AC9000", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.0:b1:*:*:*:*:*:*", "matchCriteriaId": "81CC10E4-37A8-4BAD-AC6D-EAD3A7E70CD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3E9C9A-E12F-43EC-9134-4EFF2BA6B4D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "75B01DA0-E43B-456F-98CB-B806E3A54E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "DD3BA6AE-8D0D-48C4-82C2-90164113232A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C405425-36E0-458C-9EB8-760703DF39DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.3:pl1:*:*:*:*:*:*", "matchCriteriaId": "1E3911A0-F189-488A-9246-BA8B1CF9B8CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "CAC94846-2345-4A62-8E57-AC7EAFCD05D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "8074B0AD-C349-4BAC-9076-DD08893F5574", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:zend:zend_framework:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "18F43C9F-1EE9-4B77-AD35-EB1286BED2EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "557E4E4E-0022-4EEA-A08D-BFE2392147EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "7AC4C9BC-B0FC-4050-B998-5DB523C26EE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C844B367-8CE3-4347-B822-FA74D29E87C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "0AAF2D17-6E72-4E27-B94B-397DB9C3A682", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "CF93FB2E-0F51-4EE0-9A29-91B2A2311FF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "528D7214-C4EE-40D9-83CF-F9B81382F257", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "78EAC4C3-D9D3-4F3C-A56E-C434F15860CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "6322EB6C-3CAD-4E61-AC47-FDB416F9BAEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "5A341606-0AD5-442B-BEF3-D8246402CE00", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F033605-4770-453C-9C8D-48AB36B93F23", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "7CF3E847-EF03-4B57-B54F-01E2D4DA2261", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "A5E7A156-6F31-48D6-B1A7-991CDC120602", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "6AC72907-188E-4B2B-AA08-482A98227961", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.8:*:*:*:*:*:*:*", "matchCriteriaId": "AB1E9C46-CF7B-4142-A178-C21EB3E4C844", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.9:*:*:*:*:*:*:*", "matchCriteriaId": "0227AEB0-4C45-4744-8501-B20F7B4254D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A033B19-5C9B-4948-88C6-9B8E69135112", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.0:b1:*:*:*:*:*:*", "matchCriteriaId": "D5B221F8-CF2D-4994-87D9-57375D0942DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E8BCCB2A-7873-4027-AECE-024EF7A71E60", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "81773611-D93F-4A8A-AE36-BEE60385F39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AAF5871-E892-4EDE-8845-E3633E10F733", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5C2A0-11C8-458A-910F-58E7F39243C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE49C5F9-1C3D-44FD-831D-663013EDFA30", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "B338FCC6-506F-468D-9551-B7FA22D31BD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "687ABF79-8F2F-4E5F-BF2A-42AD4F60C178", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.7:*:*:*:*:*:*:*", "matchCriteriaId": "82E96CB5-E6F8-4163-8A95-B72C243FF133", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.8:*:*:*:*:*:*:*", "matchCriteriaId": "5F486B0E-45D9-4B15-B4B7-1C35C3B9A8C8", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.9:*:*:*:*:*:*:*", "matchCriteriaId": "A751B994-80CF-475C-AFCC-C3645A4B2BF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.10:*:*:*:*:*:*:*", "matchCriteriaId": "F25F13A3-867D-4D79-8B7B-9771D3DB0540", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.11:*:*:*:*:*:*:*", "matchCriteriaId": "64C08E10-14D4-4ACE-9064-8322A09773C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.12:*:*:*:*:*:*:*", "matchCriteriaId": "FDA4B247-94D3-400C-A575-3DBA755C24E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.13:*:*:*:*:*:*:*", "matchCriteriaId": "2D934F3F-997E-44B8-A4D2-CC07FEEB7271", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "1DBCDD61-759D-4623-B7ED-88E78BDE7397", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A78C7EE7-7C12-45D2-913E-DC4902886C11", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "97F3ED10-8D1F-4D01-A79B-95AAF864B0BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1E65648D-78FF-47D8-9F9E-66E9A8C121AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "DA6467DF-3983-4BB9-ACC7-C6AFE753E319", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "93186E8D-5681-4350-A6B1-C020B3C47560", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A65D2D2-766B-4C47-B6B8-352184D4D15A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DA1CB81-12EF-4509-9D64-726B6E29C3FB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:zend:zend_framework:1.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "0156E81D-4059-4B2E-A0CB-16DE1769DD57", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "0724571D-979D-4608-94A0-139848A37AFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "2C3CE5F6-2B7C-4DDC-A8AD-15850DD98235", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.7:*:*:*:*:*:*:*", "matchCriteriaId": "CD215689-EFF4-47D4-B6B2-573857E84288", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.8:*:*:*:*:*:*:*", "matchCriteriaId": "74B48102-DC93-4C5A-9297-0FCE790AD62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.9:*:*:*:*:*:*:*", "matchCriteriaId": "287EB2A5-CAC2-45F7-9980-2F003249AFBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.10:*:*:*:*:*:*:*", "matchCriteriaId": "F1D2AEAB-A3F6-4DC4-A590-75B8F0153605", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.11:*:*:*:*:*:*:*", "matchCriteriaId": "BBD287F1-7CB2-4DCA-84A0-495DE57EAB4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.12:*:*:*:*:*:*:*", "matchCriteriaId": "E37F6DF4-A6F6-476C-AF90-5703E5054532", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.13:*:*:*:*:*:*:*", "matchCriteriaId": "61A46B5E-3BCB-4296-9BAE-44AA3648BD3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED897A0F-2530-4414-A7B1-D505952E2B78", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "ED954B74-0A27-4DFE-B4FD-FCD996043A7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "24801F0A-F796-41BF-9E87-AEA99490CD9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.0.0:rc3:*:*:*:*:*:*", 
"matchCriteriaId": "7D0E7E8F-C212-42DB-9EB5-816AD5B3A681", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "12645463-1317-48D2-AA01-E835CD296510", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "B3F15A9A-DC75-45B8-B674-FA47166B9BA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "CF328AB4-C203-40AC-AB50-C3065236CB7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "6F6122C6-8332-40DC-B5EF-5403C3DE5594", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "ADD454CB-F1E7-4373-815F-896D68D150D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F1D7828-D023-46D6-8F1B-A7D62C8F133E", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0A123161-76A3-4AAF-ACE6-6EF7A686B74F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16C3EFB5-99A7-4F05-B17C-56451FFB5860", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "62D6D1C8-4733-4758-8883-2F85B8DB3A72", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "43A6BA3C-F356-4A64-9AEE-2262DB0B46A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "02AEF2B4-B24C-42E2-8525-E7595E9283F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6B584F0-75AB-4670-A460-92A1CF27F0CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E14CED-60C4-4D16-9807-1B86F69FB516", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8C32DC80-7367-4D82-A755-DE397629EA4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "30AEC279-C346-48D1-B3E1-92C64CA1A4B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "328F76F9-F195-4212-803F-CD3D104F3A6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AB893A06-1A7D-43A9-B51B-C9242F74AAD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "4CA225A4-8427-4016-AFD1-6BDC3421A531", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D4D51607-3FA8-4E30-8B02-004F056583E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "90A9D6B0-D34B-423A-AB7D-D6B14F3F1FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E258FDD6-AF80-4166-A3C0-BC41EAFD894C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2B537EBA-396D-4C52-A65D-CD26E59EE44A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "80CD59F7-E5F7-4146-A422-79C652121D39", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "0F760DAF-39EE-400E-BEF4-B6816080538A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "0CB89CEA-8DC2-4DD2-8A41-BD944261E1CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "C85F6A88-33E7-4C71-B52B-99D13CD23F3C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:zend:zend_framework:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "75E530D7-6033-4151-AEF6-F7A0E3CC86CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "2ACABA67-F66C-4597-B0F6-A6A6B7DF85EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "CF6A15D7-27BB-4625-BD14-A0CE2F213D54", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "58B32A65-119C-45EF-8122-EBFCA41A1696", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "32E9E662-1642-49D6-9908-9BD4DE479114", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0ACBA96F-C081-4B66-BC4B-C456FA688EA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "23C2DD7D-3CB8-4E69-9B4D-B0A4552A1177", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D3129429-DD49-416B-BFD0-174713966A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "3CDE54C3-5D05-4CEE-8FA1-840E6DC5D110", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "F95F9508-D1E5-410F-A2B0-635E1524720A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "03CC3191-5BEE-417D-9420-08F65E4F28FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "0F8CB49F-F050-4F45-A72E-D5B9C43B0E53", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "BF5AD2CD-3CE5-4465-9EEB-0F990AF48588", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"8CE2C2D7-D937-427B-9690-B1EA32314042", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "98145CC7-4F7E-40B2-BDD3-08AF81634AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "35909C93-F7B3-4072-9FB7-E806AFDB585C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "F8AFDDAC-A697-4F0C-9C1B-507A85DF8473", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "1F724D0C-0A0D-48A0-AE0B-A9645062AEF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "0BC1E6B1-1456-419E-9711-10EAD142FE6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8CF6A3D-A182-4800-89FA-44BC4ACD7291", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCDA71DB-7D92-47EC-A706-2A61ACDC7CEB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters." 
}, { "lang": "es", "value": "Vulnerabilidad en el Zend_Xml_Security::scan en ZendXml en versiones anteriores a 1.0.1 y Zend Framework en versiones anteriores a 1.12.14, 2.x en versiones anteriores a 2.4.6 y 2.5.x en versiones anteriores a 2.5.2, cuando se ejecuta bajo PHP-FPM en un entorno con hilos, permite a atacantes remotos evadir la verificaci\u00f3n de seguridad y realizar ataques de entidad externa XML (XXE) y de expansi\u00f3n de entidad XML (XEE) a trav\u00e9s de caracteres multibyte codificados." } ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e", "id": "CVE-2015-5161", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-08-25T17:59:03.307", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2015-06" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html" }, { "source": "secalert@redhat.com", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2015/Aug/46" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3340" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/76177" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "https://www.exploit-db.com/exploits/37765/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2015-06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2015/Aug/46" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3340" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/76177" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://www.exploit-db.com/exploits/37765/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-16 00:59
Modified
2025-04-12 10:46
Severity ?
Summary
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://advisories.mageia.org/MGASA-2014-0151.html | Third Party Advisory | |
cve@mitre.org | http://framework.zend.com/security/advisory/ZF2014-01 | Vendor Advisory | |
cve@mitre.org | http://seclists.org/oss-sec/2014/q2/0 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2015/dsa-3265 | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2014:072 | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/66358 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2014-0151.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://framework.zend.com/security/advisory/ZF2014-01 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q2/0 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3265 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2014:072 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/66358 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zendrest | * | |
zend | zend_framework | * | |
zend | zend_framework | * | |
zend | zend_framework | * | |
zend | zendservice_slideshare | * | |
zend | zendservice_api | * | |
zend | zendservice_audioscrobbler | * | |
zend | zendservice_amazon | * | |
zend | zendservice_technorati | * | |
zend | zendservice_windowsazure | * | |
zend | zendopenid | * | |
zend | zendservice_nirvanix | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendrest:*:*:*:*:*:*:*:*", "matchCriteriaId": "8355D554-59F8-40DE-BEED-9608E710689F", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "836B23B2-F868-4068-8CAE-F9E0C9844D35", "versionEndExcluding": "1.12.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "CADA4077-F8CC-44EB-854A-8397EEF4D99D", "versionEndExcluding": "2.1.6", "versionStartIncluding": "2.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "1211BC37-763D-4B18-87D8-6727CC049F81", "versionEndExcluding": "2.2.6", "versionStartIncluding": "2.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_slideshare:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EA03FE2-F2AF-4AAC-8699-B83428A177B9", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_api:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2BF3B28-536C-478F-8837-91AEAF4E182F", "versionEndIncluding": "1.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_audioscrobbler:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE7B01AC-43F4-46C7-ADFD-25EB628A3060", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_amazon:*:*:*:*:*:*:*:*", "matchCriteriaId": "48545222-B223-4056-8AE4-0462089A8FDD", "versionEndIncluding": "2.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:zend:zendservice_technorati:*:*:*:*:*:*:*:*", "matchCriteriaId": "01842993-10EC-49E4-BDC8-BB2379B0A938", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_windowsazure:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C20DCB6-DB3C-4D05-A80C-83E6A9E1BFDF", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendopenid:*:*:*:*:*:*:*:*", "matchCriteriaId": "255171B6-0A4C-4757-ADDA-28916398499C", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_nirvanix:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD90BDD0-0155-4D4C-AA05-FF87C6ABC47F", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532." 
}, { "lang": "es", "value": "ZendFramework 1(ZF1) anterior a 1.12.4, Zend Framework anterior a 2.1.6 y 2.2.x anterior a 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, y ZendService_WindowsAzure anterior a 2.0.2, ZendService_Amazon anterior a 2.0.3, y ZendService_Api anterior a 1.0.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio (Consumir la CPU) a trav\u00e9s de referencias recursivas o circulares en una definici\u00f3n de una entidad en XML en una declaraci\u00f3n DOCTYPE XML tambi\u00e9n conocido como ataque XEE. Nota: este fallo existe porque no se termino de solucionar la CVE-2012-6532" } ], "id": "CVE-2014-2683", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-16T00:59:03.920", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2014-01" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/66358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2014-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/66358" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-17" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-27 16:15
Modified
2024-11-21 02:28
Severity ?
Summary
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://framework.zend.com/security/advisory/ZF2015-04 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://framework.zend.com/security/advisory/ZF2015-04 | Exploit, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | * | |
zend | zend_framework | * | |
zend | zend_framework | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EC26DF5-0C36-47B9-A42C-563254068FE2", "versionEndExcluding": "1.12.12", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E14D72D-4775-4018-8BB5-1C1997FC3552", "versionEndExcluding": "2.3.8", "versionStartIncluding": "2.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1035005-3678-4FFC-95CC-F1B2B35B4CDD", "versionEndExcluding": "2.4.1", "versionStartIncluding": "2.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in Zend\\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de tipo CRLF en Zend\\Mail (Zend_Mail) en Zend Framework versiones anteriores a 1.12.12, versiones 2.x anteriores a 2.3.8 y versiones 2.4.x anteriores a 2.4.1, permite a atacantes remotos inyectar encabezados HTTP arbitrarios y realizar ataques de divisi\u00f3n de respuesta HTTP por medio de secuencias de tipo CRLF en el encabezado de un correo electr\u00f3nico." 
} ], "id": "CVE-2015-3154", "lastModified": "2024-11-21T02:28:47.377", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-27T16:15:11.063", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2015-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2015-04" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-06-07 14:06
Modified
2025-04-12 10:46
Severity ?
Summary
The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://framework.zend.com/security/advisory/ZF2015-08 | Vendor Advisory | |
cve@mitre.org | http://www.debian.org/security/2015/dsa-3369 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/09/30/6 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/09/30/8 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/10/11/3 | ||
cve@mitre.org | http://www.securityfocus.com/bid/76784 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://framework.zend.com/security/advisory/ZF2015-08 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3369 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/09/30/6 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/09/30/8 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/10/11/3 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/76784 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | * | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2CA52AF-D551-4CE9-A4CD-F264F702634A", "versionEndIncluding": "1.12.15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query." }, { "lang": "es", "value": "Los adaptadores PDO en Zend Framework en versiones anteriores a 1.12.16 no filtran bytes null en sentencias SQL, lo que permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de una consulta manipulada." 
} ], "id": "CVE-2015-7695", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-06-07T14:06:10.870", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2015-08" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3369" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/09/30/6" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/09/30/8" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/10/11/3" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/76784" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2015-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.debian.org/security/2015/dsa-3369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/09/30/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/09/30/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/10/11/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/76784" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-13 17:55
Modified
2025-04-11 00:51
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://framework.zend.com/security/advisory/ZF2012-01 | Vendor Advisory | |
secalert@redhat.com | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34284 | Patch | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html | Mailing List | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html | Mailing List | |
secalert@redhat.com | http://openwall.com/lists/oss-security/2013/03/25/2 | Mailing List | |
secalert@redhat.com | http://www.debian.org/security/2012/dsa-2505 | Mailing List | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/06/26/2 | Mailing List | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/06/26/4 | Mailing List | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/06/27/2 | Mailing List | |
secalert@redhat.com | http://www.securitytracker.com/id?1027208 | Broken Link, Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://moodle.org/mod/forum/discuss.php?d=225345 | Third Party Advisory | |
secalert@redhat.com | https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://framework.zend.com/security/advisory/ZF2012-01 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34284 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2013/03/25/2 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2505 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/06/26/2 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/06/26/4 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/06/27/2 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027208 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://moodle.org/mod/forum/discuss.php?d=225345 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt | Broken Link |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | * | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.0 | |
fedoraproject | fedora | 17 | |
fedoraproject | fedora | 18 | |
debian | debian_linux | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "68B94C54-4E8F-4D13-9D0A-3E912D3E4545", "versionEndExcluding": "1.11.12", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A78C7EE7-7C12-45D2-913E-DC4902886C11", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "97F3ED10-8D1F-4D01-A79B-95AAF864B0BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1E65648D-78FF-47D8-9F9E-66E9A8C121AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "DA6467DF-3983-4BB9-ACC7-C6AFE753E319", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack." 
}, { "lang": "es", "value": "Zend_XmlRpc 1.x de Zend Framework antes de v1.11.12 y antes v1.12.0 1.12.x,94 no controla correctamente las clases SimpleXMLElement, lo que permite a atacantes remotos leer archivos arbitrarios o crear conexiones TCP a trav\u00e9s de una referencia de entidad externa en un elemento DOCTYPE en un XML -RPC petici\u00f3n, tambi\u00e9n conocido como un XML entidad externa (XXE) ataque de inyecci\u00f3n." } ], "id": "CVE-2012-3363", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2013-02-13T17:55:01.320", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2012-01" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-34284" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://openwall.com/lists/oss-security/2013/03/25/2" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://www.debian.org/security/2012/dsa-2505" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/2" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/4" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/27/2" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1027208" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://moodle.org/mod/forum/discuss.php?d=225345" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2012-01" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-34284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://openwall.com/lists/oss-security/2013/03/25/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.debian.org/security/2012/dsa-2505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/27/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1027208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://moodle.org/mod/forum/discuss.php?d=225345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-07 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9 and 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators (i.e., a session can be resumed without the configured validator chain being enforced).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | 2.2.0 | |
zend | zend_framework | 2.2.1 | |
zend | zend_framework | 2.2.2 | |
zend | zend_framework | 2.2.3 | |
zend | zend_framework | 2.2.4 | |
zend | zend_framework | 2.2.5 | |
zend | zend_framework | 2.2.6 | |
zend | zend_framework | 2.2.7 | |
zend | zend_framework | 2.2.8 | |
zend | zend_framework | 2.3.0 | |
zend | zend_framework | 2.3.1 | |
zend | zend_framework | 2.3.2 | |
zend | zend_framework | 2.3.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D4D51607-3FA8-4E30-8B02-004F056583E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "90A9D6B0-D34B-423A-AB7D-D6B14F3F1FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E258FDD6-AF80-4166-A3C0-BC41EAFD894C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2B537EBA-396D-4C52-A65D-CD26E59EE44A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "80CD59F7-E5F7-4146-A422-79C652121D39", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "0F760DAF-39EE-400E-BEF4-B6816080538A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "0CB89CEA-8DC2-4DD2-8A41-BD944261E1CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "C85F6A88-33E7-4C71-B52B-99D13CD23F3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "75E530D7-6033-4151-AEF6-F7A0E3CC86CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "58B32A65-119C-45EF-8122-EBFCA41A1696", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "32E9E662-1642-49D6-9908-9BD4DE479114", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0ACBA96F-C081-4B66-BC4B-C456FA688EA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "23C2DD7D-3CB8-4E69-9B4D-B0A4552A1177", "vulnerable": true } ], "negate": false, 
"operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators." }, { "lang": "es", "value": "Zend/Session/SessionManager en Zend Framework 2.2.x en versiones anteriores a 2.2.9, 2.3.x en versiones anteriores a 2.3.4 permite que atacantes remotos creen sesiones v\u00e1lidas sin emplear validadores de sesi\u00f3n." } ], "id": "CVE-2015-1555", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-07T17:29:00.347", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2015-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2015-01" } ], "sourceIdentifier": 
"secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-05-02 14:55
Modified
2025-04-11 00:51
Severity ?
Summary
The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://framework.zend.com/security/advisory/ZF2012-05 | Vendor Advisory | |
secalert@redhat.com | http://openwall.com/lists/oss-security/2012/12/20/2 | ||
secalert@redhat.com | http://openwall.com/lists/oss-security/2012/12/20/4 | ||
secalert@redhat.com | http://secunia.com/advisories/51583 | Vendor Advisory | |
secalert@redhat.com | http://www.debian.org/security/2012/dsa-2602 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2013:115 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://framework.zend.com/security/advisory/ZF2012-05 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2012/12/20/2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2012/12/20/4 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/51583 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2602 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:115 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | 1.11.0 | |
zend | zend_framework | 1.11.1 | |
zend | zend_framework | 1.11.2 | |
zend | zend_framework | 1.11.3 | |
zend | zend_framework | 1.11.4 | |
zend | zend_framework | 1.11.5 | |
zend | zend_framework | 1.11.6 | |
zend | zend_framework | 1.11.7 | |
zend | zend_framework | 1.11.8 | |
zend | zend_framework | 1.11.9 | |
zend | zend_framework | 1.11.10 | |
zend | zend_framework | 1.11.11 | |
zend | zend_framework | 1.11.12 | |
zend | zend_framework | 1.11.13 | |
zend | zend_framework | 1.12.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A033B19-5C9B-4948-88C6-9B8E69135112", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "81773611-D93F-4A8A-AE36-BEE60385F39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AAF5871-E892-4EDE-8845-E3633E10F733", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5C2A0-11C8-458A-910F-58E7F39243C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE49C5F9-1C3D-44FD-831D-663013EDFA30", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "B338FCC6-506F-468D-9551-B7FA22D31BD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "687ABF79-8F2F-4E5F-BF2A-42AD4F60C178", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.7:*:*:*:*:*:*:*", "matchCriteriaId": "82E96CB5-E6F8-4163-8A95-B72C243FF133", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.8:*:*:*:*:*:*:*", "matchCriteriaId": "5F486B0E-45D9-4B15-B4B7-1C35C3B9A8C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.9:*:*:*:*:*:*:*", "matchCriteriaId": "A751B994-80CF-475C-AFCC-C3645A4B2BF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.10:*:*:*:*:*:*:*", "matchCriteriaId": "F25F13A3-867D-4D79-8B7B-9771D3DB0540", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.11:*:*:*:*:*:*:*", "matchCriteriaId": "64C08E10-14D4-4ACE-9064-8322A09773C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.12:*:*:*:*:*:*:*", "matchCriteriaId": "FDA4B247-94D3-400C-A575-3DBA755C24E4", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:zend:zend_framework:1.11.13:*:*:*:*:*:*:*", "matchCriteriaId": "2D934F3F-997E-44B8-A4D2-CC07FEEB7271", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "1DBCDD61-759D-4623-B7ED-88E78BDE7397", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack." }, { "lang": "es", "value": "Las clases (1) Zend_Feed_Rss y (2) Zend_Feed_Atom en Zend_Feed en Zend Framework v1.11.x antes de v1.11.15 y v1.12.x antes de v1.12.1 permite a atacantes remotos leer ficheros, enviar peticiones HTTP a servidores intranet, y posiblemente causar una denegaci\u00f3n del servicio (consumo de CPU y memoria) a trav\u00e9s de un ataque XML External Entity (XXE)." 
} ], "id": "CVE-2012-5657", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-05-02T14:55:05.217", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2012-05" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2012/12/20/2" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2012/12/20/4" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51583" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2602" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2012-05" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2012/12/20/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2012/12/20/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51583" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2602" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:115" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-03 17:15
Modified
2024-11-21 01:42
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://framework.zend.com/security/advisory/ZF2012-03 | Vendor Advisory | |
secalert@redhat.com | http://seclists.org/oss-sec/2012/q3/571 | Mailing List, Patch, Third Party Advisory | |
secalert@redhat.com | http://seclists.org/oss-sec/2012/q3/573 | Mailing List, Patch, Third Party Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/55636 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10 | Mailing List, Third Party Advisory | |
secalert@redhat.com | https://bugs.gentoo.org/show_bug.cgi?id=436210 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=860738 | Issue Tracking, Patch, Third Party Advisory | |
secalert@redhat.com | https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://framework.zend.com/security/advisory/ZF2012-03 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2012/q3/571 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2012/q3/573 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/55636 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/show_bug.cgi?id=436210 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=860738 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733 | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | * (all versions before 2.0.1; see versionEndExcluding in the configuration below) | |
fedoraproject | fedora | 16 | |
fedoraproject | fedora | 17 | |
redhat | enterprise_linux | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AFA88C3-5613-4261-8FEC-B9914C0187BF", "versionEndExcluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\\PubSubHubbub, (3) Log\\Formatter\\Xml, (4) Tag\\Cloud\\Decorator, (5) Uri, (6) View\\Helper\\HeadStyle, (7) View\\Helper\\Navigation\\Sitemap, or (8) View\\Helper\\Placeholder\\Container\\AbstractStandalone, related to Escaper." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en Zend Framework versiones 2.0.x anteriores a la versi\u00f3n 2.0.1, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de una entrada no especificada en (1) Debug, (2) Feed\\PubSubHubbub, (3) Log\\Formatter\\Xml, (4) Tag\\Cloud\\Decorator, (5) Uri, (6) View\\Helper\\HeadStyle, (7) View\\Helper\\Navigation\\Sitemap, o (8) View\\Helper\\Placeholder\\Container\\AbstractStandalone, relacionado con Escaper." 
} ], "id": "CVE-2012-4451", "lastModified": "2024-11-21T01:42:55.480", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-03T17:15:11.053", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2012-03" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2012/q3/571" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2012/q3/573" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/55636" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"https://bugs.gentoo.org/show_bug.cgi?id=436210" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860738" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2012-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2012/q3/571" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2012/q3/573" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/55636" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=436210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-13 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and the 1.12.0 release candidates (1.12.x before 1.12.0 final) do not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://framework.zend.com/security/advisory/ZF2012-01 | Vendor Advisory | |
cve@mitre.org | http://www.debian.org/security/2012/dsa-2505 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2012/06/26/2 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2012/06/26/4 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2012/06/27/2 | ||
cve@mitre.org | https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt | ||
af854a3a-2127-422b-91ae-364da2661108 | http://framework.zend.com/security/advisory/ZF2012-01 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2505 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/06/26/2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/06/26/4 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/06/27/2 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | 1.0.4 | |
zend | zend_framework | 1.5.0 | |
zend | zend_framework | 1.5.1 | |
zend | zend_framework | 1.5.2 | |
zend | zend_framework | 1.5.3 | |
zend | zend_framework | 1.6.0 | |
zend | zend_framework | 1.6.1 | |
zend | zend_framework | 1.6.2 | |
zend | zend_framework | 1.7.0 | |
zend | zend_framework | 1.7.1 | |
zend | zend_framework | 1.7.2 | |
zend | zend_framework | 1.7.3 | |
zend | zend_framework | 1.7.4 | |
zend | zend_framework | 1.7.5 | |
zend | zend_framework | 1.7.6 | |
zend | zend_framework | 1.7.7 | |
zend | zend_framework | 1.7.8 | |
zend | zend_framework | 1.7.9 | |
zend | zend_framework | 1.8.0 | |
zend | zend_framework | 1.8.1 | |
zend | zend_framework | 1.8.2 | |
zend | zend_framework | 1.8.3 | |
zend | zend_framework | 1.8.4 | |
zend | zend_framework | 1.8.5 | |
zend | zend_framework | 1.9.0 | |
zend | zend_framework | 1.9.1 | |
zend | zend_framework | 1.9.2 | |
zend | zend_framework | 1.9.3 | |
zend | zend_framework | 1.9.4 | |
zend | zend_framework | 1.9.5 | |
zend | zend_framework | 1.9.6 | |
zend | zend_framework | 1.9.7 | |
zend | zend_framework | 1.9.8 | |
zend | zend_framework | 1.10.0 | |
zend | zend_framework | 1.10.1 | |
zend | zend_framework | 1.10.2 | |
zend | zend_framework | 1.10.3 | |
zend | zend_framework | 1.10.4 | |
zend | zend_framework | 1.10.5 | |
zend | zend_framework | 1.10.6 | |
zend | zend_framework | 1.10.7 | |
zend | zend_framework | 1.10.8 | |
zend | zend_framework | 1.11.0 | |
zend | zend_framework | 1.11.1 | |
zend | zend_framework | 1.11.2 | |
zend | zend_framework | 1.11.3 | |
zend | zend_framework | 1.11.4 | |
zend | zend_framework | 1.11.5 | |
zend | zend_framework | 1.11.6 | |
zend | zend_framework | 1.11.7 | |
zend | zend_framework | 1.11.8 | |
zend | zend_framework | 1.11.9 | |
zend | zend_framework | 1.11.10 | |
zend | zend_framework | 1.11.11 | |
zend | zend_framework | 1.11.12 | |
zend | zend_framework | 1.12.0 rc1 | |
zend | zend_framework | 1.12.0 rc2 | |
zend | zend_framework | 1.12.0 rc3 | |
zend | zend_framework | 1.12.0 rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1417EB1F-5342-443B-AC81-3256FCCE1BFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "ECA9145E-8B8C-4822-A1FC-A891DF92FD0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "01BD97A6-336A-4B8A-AFC5-C9EA1DDCCC8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B636257-9941-4997-9525-F8C5A920AB8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "118C20B5-FC8D-4EBF-A7D7-975A568A31BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CEB67E5-D7D9-443A-9176-3104A9C068AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "F965C4F5-5F12-42CF-B120-758205E0E050", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "531B7A51-2B4C-4A50-A8C8-D81040FF6E31", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16D75279-B5A8-4C82-B2C0-C58DEF56A086", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "57D97342-CF37-486E-A3C9-FBA000F5A041", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "819E0C25-1413-4532-9427-24520E23C07B", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "F9A96DF1-81D9-4BD3-9E62-CEECE377406D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "DF957F4D-FDFD-419B-AD2B-02E572A3BA9F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:zend:zend_framework:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "000BAA0C-6546-4DEC-8B85-146508C19F5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "429128C9-689E-49EA-BD8C-138FC337AB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2096048C-7E4A-415E-AEBF-9AB7E8BCE894", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "9B72E45D-E298-45BD-9EE5-127D3EFEC17C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "07D06D35-CE63-456D-A970-5AE663175E8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "11459424-1BA2-44D0-B831-92BE6E2664E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A847F7F6-18EF-44FB-9153-BD7D3223D6ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "EBE53880-D68C-49CB-BFE7-D1806AAD5C6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "45B7421E-E0C4-4594-AE81-4F3811CAAB33", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "1EABF4FA-D4A6-4C82-BF9C-A828B906F499", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9F10191E-9EF7-47B8-9CDC-FCFE47AEFE50", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C3E24C3-21CC-4ED2-8669-5D94BD5D99AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "75B01DA0-E43B-456F-98CB-B806E3A54E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"DD3BA6AE-8D0D-48C4-82C2-90164113232A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C405425-36E0-458C-9EB8-760703DF39DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "CAC94846-2345-4A62-8E57-AC7EAFCD05D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "8074B0AD-C349-4BAC-9076-DD08893F5574", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "18F43C9F-1EE9-4B77-AD35-EB1286BED2EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "557E4E4E-0022-4EEA-A08D-BFE2392147EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "7AC4C9BC-B0FC-4050-B998-5DB523C26EE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C844B367-8CE3-4347-B822-FA74D29E87C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "78EAC4C3-D9D3-4F3C-A56E-C434F15860CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "6322EB6C-3CAD-4E61-AC47-FDB416F9BAEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "5A341606-0AD5-442B-BEF3-D8246402CE00", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F033605-4770-453C-9C8D-48AB36B93F23", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "7CF3E847-EF03-4B57-B54F-01E2D4DA2261", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "A5E7A156-6F31-48D6-B1A7-991CDC120602", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:zend:zend_framework:1.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "6AC72907-188E-4B2B-AA08-482A98227961", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.8:*:*:*:*:*:*:*", "matchCriteriaId": "AB1E9C46-CF7B-4142-A178-C21EB3E4C844", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A033B19-5C9B-4948-88C6-9B8E69135112", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "81773611-D93F-4A8A-AE36-BEE60385F39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AAF5871-E892-4EDE-8845-E3633E10F733", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5C2A0-11C8-458A-910F-58E7F39243C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE49C5F9-1C3D-44FD-831D-663013EDFA30", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "B338FCC6-506F-468D-9551-B7FA22D31BD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "687ABF79-8F2F-4E5F-BF2A-42AD4F60C178", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.7:*:*:*:*:*:*:*", "matchCriteriaId": "82E96CB5-E6F8-4163-8A95-B72C243FF133", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.8:*:*:*:*:*:*:*", "matchCriteriaId": "5F486B0E-45D9-4B15-B4B7-1C35C3B9A8C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.9:*:*:*:*:*:*:*", "matchCriteriaId": "A751B994-80CF-475C-AFCC-C3645A4B2BF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.10:*:*:*:*:*:*:*", "matchCriteriaId": "F25F13A3-867D-4D79-8B7B-9771D3DB0540", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:zend:zend_framework:1.11.11:*:*:*:*:*:*:*", "matchCriteriaId": "64C08E10-14D4-4ACE-9064-8322A09773C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.12:*:*:*:*:*:*:*", "matchCriteriaId": "FDA4B247-94D3-400C-A575-3DBA755C24E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A78C7EE7-7C12-45D2-913E-DC4902886C11", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "97F3ED10-8D1F-4D01-A79B-95AAF864B0BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1E65648D-78FF-47D8-9F9E-66E9A8C121AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "DA6467DF-3983-4BB9-ACC7-C6AFE753E319", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363." }, { "lang": "es", "value": "(1) Zend_Dom, (2) Zend_Feed, y (3) Zend_Soap en Zend Framework v1.x antes de v1.11.13 y v1.12.0 1.12.x antes no gestionan correctamente SimpleXMLElement clases, lo que permite a atacantes remotos leer archivos arbitrarios o crear conexiones TCP a trav\u00e9s de una referencia de entidad externa en un elemento DOCTYPE en una solicitud XML-RPC, tambi\u00e9n conocido como un XML entidad externa (XXE) ataque de inyecci\u00f3n, una vulnerabilidad diferente a CVE-2012-3363." 
} ], "id": "CVE-2012-6531", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-13T17:55:01.417", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2012-01" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2505" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/06/26/2" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/06/26/4" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/06/27/2" }, { "source": "cve@mitre.org", "url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2012-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/06/26/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/06/26/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/06/27/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-12-29 14:29
Modified
2025-04-20 01:37
Severity ?
Summary
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://framework.zend.com/security/advisory/ZF2014-04 | Vendor Advisory | |
secalert@redhat.com | http://jvn.jp/en/jp/JVN71730320/index.html | Third Party Advisory, VDB Entry | |
secalert@redhat.com | http://openwall.com/lists/oss-security/2014/07/11/4 | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://secunia.com/advisories/58847 | Third Party Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/68031 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://www.debian.org/security/2015/dsa-3265 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://framework.zend.com/security/advisory/ZF2014-04 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN71730320/index.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2014/07/11/4 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58847 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/68031 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2015/dsa-3265 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | * | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "4858D4E2-3CBC-4E8E-AF6C-1691FE93A2C4", "versionEndExcluding": "1.12.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors." }, { "lang": "es", "value": "La funci\u00f3n Zend_Db_Select::order en Zend Framework, en versiones anteriores a la 1.12.7, no gestiona correctamente los par\u00e9ntesis. Esto permite que atacantes remotos lleven a cabo ataques de inyecci\u00f3n SQL mediante vectores sin especificar." 
} ], "id": "CVE-2014-4914", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-12-29T14:29:00.220", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2014-04" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvn.jp/en/jp/JVN71730320/index.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2014/07/11/4" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/58847" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68031" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2015/dsa-3265" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2014-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvn.jp/en/jp/JVN71730320/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2014/07/11/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/58847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2015/dsa-3265" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-22 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allow remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html | ||
cve@mitre.org | http://www.debian.org/security/2015/dsa-3265 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2014/10/10/5 | ||
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/70378 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/97038 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3265 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/10/10/5 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/70378 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/97038 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | * | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.1 | |
zend | zend_framework | 1.12.2 | |
zend | zend_framework | 1.12.3 | |
zend | zend_framework | 1.12.5 | |
zend | zend_framework | 2.0.0 | |
zend | zend_framework | 2.01 | |
zend | zend_framework | 2.2.2 | |
zend | zend_framework | 2.2.3 | |
zend | zend_framework | 2.2.4 | |
zend | zend_framework | 2.2.5 | |
zend | zend_framework | 2.2.6 | |
zend | zend_framework | 2.2.7 | |
zend | zend_framework | 2.3.0 | |
zend | zend_framework | 2.3.1 | |
zend | zend_framework | 2.3.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D7EB14E-48F5-4732-8403-FA7BB658E291", "versionEndIncluding": "1.12.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "1DBCDD61-759D-4623-B7ED-88E78BDE7397", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A78C7EE7-7C12-45D2-913E-DC4902886C11", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "97F3ED10-8D1F-4D01-A79B-95AAF864B0BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1E65648D-78FF-47D8-9F9E-66E9A8C121AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "DA6467DF-3983-4BB9-ACC7-C6AFE753E319", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "93186E8D-5681-4350-A6B1-C020B3C47560", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A65D2D2-766B-4C47-B6B8-352184D4D15A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DA1CB81-12EF-4509-9D64-726B6E29C3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "0724571D-979D-4608-94A0-139848A37AFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED897A0F-2530-4414-A7B1-D505952E2B78", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.01:*:*:*:*:*:*:*", "matchCriteriaId": "BBA7AFE5-C6A2-4191-AECE-EA40178A585E", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E258FDD6-AF80-4166-A3C0-BC41EAFD894C", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2B537EBA-396D-4C52-A65D-CD26E59EE44A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "80CD59F7-E5F7-4146-A422-79C652121D39", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "0F760DAF-39EE-400E-BEF4-B6816080538A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "0CB89CEA-8DC2-4DD2-8A41-BD944261E1CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "C85F6A88-33E7-4C71-B52B-99D13CD23F3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "58B32A65-119C-45EF-8122-EBFCA41A1696", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "32E9E662-1642-49D6-9908-9BD4DE479114", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0ACBA96F-C081-4B66-BC4B-C456FA688EA2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind." }, { "lang": "es", "value": "(1) La clase Zend_Ldap en Zend anterior a 1.12.9 y (2) el componente Zend\\Ldap en Zend 2.x anterior a 2.2.8 y 2.3.x anterior a 2.3.3 permite a atacantes remotos evadir la autenticaci\u00f3n a trav\u00e9s de una contrase\u00f1a que empiece por un byte nulo, lo que provoca un bind no autenticado." 
} ], "id": "CVE-2014-8088", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-22T14:55:07.967", "references": [ { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3265" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/10/10/5" }, { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/70378" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/10/10/5" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/70378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97038" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-12-15 22:15
Modified
2024-11-21 02:11
Severity ?
Summary
ZF2014-03 has a potential cross-site scripting vector in multiple view helpers.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2014/07/11/4 | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/66971 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2014-4913 | Broken Link | |
secalert@redhat.com | https://framework.zend.com/security/advisory/ZF2014-03 | Vendor Advisory | |
secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2014-4913 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/07/11/4 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/66971 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2014-4913 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://framework.zend.com/security/advisory/ZF2014-03 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2014-4913 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | * | |
zend | zend_framework | * | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "791B1B74-D95F-4A70-9002-28A4A4BBC2FC", "versionEndExcluding": "2.2.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "40E6682C-9A84-442C-B8AD-6560117A5D8B", "versionEndExcluding": "2.3.1", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ZF2014-03 has a potential cross site scripting vector in multiple view helpers" }, { "lang": "es", "value": "ZF2014-03, tiene un vector potencial de tipo cross site scripting en m\u00faltiples asistentes de vista." } ], "id": "CVE-2014-4913", "lastModified": "2024-11-21T02:11:06.817", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": 
"3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-12-15T22:15:11.933", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/11/4" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/66971" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2014-4913" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://framework.zend.com/security/advisory/ZF2014-03" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2014-4913" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/11/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/66971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2014-4913" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://framework.zend.com/security/advisory/ZF2014-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2014-4913" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-16 00:59
Modified
2025-04-12 10:46
Severity ?
Summary
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://advisories.mageia.org/MGASA-2014-0151.html | Third Party Advisory | |
cve@mitre.org | http://framework.zend.com/security/advisory/ZF2014-01 | Vendor Advisory | |
cve@mitre.org | http://seclists.org/oss-sec/2014/q2/0 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2015/dsa-3265 | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2014:072 | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/66358 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2014-0151.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://framework.zend.com/security/advisory/ZF2014-01 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q2/0 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3265 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2014:072 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/66358 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zendrest | * | |
zend | zend_framework | * | |
zend | zend_framework | * | |
zend | zend_framework | * | |
zend | zendservice_slideshare | * | |
zend | zendservice_api | * | |
zend | zendservice_audioscrobbler | * | |
zend | zendservice_amazon | * | |
zend | zendservice_technorati | * | |
zend | zendservice_windowsazure | * | |
zend | zendopenid | * | |
zend | zendservice_nirvanix | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendrest:*:*:*:*:*:*:*:*", "matchCriteriaId": "8355D554-59F8-40DE-BEED-9608E710689F", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "836B23B2-F868-4068-8CAE-F9E0C9844D35", "versionEndExcluding": "1.12.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "CADA4077-F8CC-44EB-854A-8397EEF4D99D", "versionEndExcluding": "2.1.6", "versionStartIncluding": "2.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "1211BC37-763D-4B18-87D8-6727CC049F81", "versionEndExcluding": "2.2.6", "versionStartIncluding": "2.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_slideshare:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EA03FE2-F2AF-4AAC-8699-B83428A177B9", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_api:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2BF3B28-536C-478F-8837-91AEAF4E182F", "versionEndIncluding": "1.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_audioscrobbler:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE7B01AC-43F4-46C7-ADFD-25EB628A3060", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_amazon:*:*:*:*:*:*:*:*", "matchCriteriaId": "48545222-B223-4056-8AE4-0462089A8FDD", "versionEndIncluding": "2.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:zend:zendservice_technorati:*:*:*:*:*:*:*:*", "matchCriteriaId": "01842993-10EC-49E4-BDC8-BB2379B0A938", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_windowsazure:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C20DCB6-DB3C-4D05-A80C-83E6A9E1BFDF", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendopenid:*:*:*:*:*:*:*:*", "matchCriteriaId": "255171B6-0A4C-4757-ADDA-28916398499C", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendservice_nirvanix:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD90BDD0-0155-4D4C-AA05-FF87C6ABC47F", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657." 
}, { "lang": "es", "value": "Zend Framework 1 (ZF1) anterior a 1.12.4, Zend Framework 2 anterior a 2.1.6 y 2.2.x anterior a 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, y ZendService_WindowsAzure anterior a 2.0.2, ZendService_Amazon before 2.0.3, y ZendService_Api anterior a 1.0.0, cuando usamos PHP-FPM, no comparte correctamente la configuraci\u00f3n entre hilos en libxml_disable_entity_loader, lo que podr\u00eda permitir a atacantes remotos realizar ataques XXE a trav\u00e9s de una declaraci\u00f3n de entidad externa de XML junto con una referencia de entidad. NOTA: este fallo existe porque no se soluci\u00f3n la CVE-2012-5657." } ], "id": "CVE-2014-2682", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-16T00:59:02.827", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2014-01" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" 
], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/66358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2014-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/66358" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-19" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-13 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 (i.e., the 1.12.0 release candidates rc1–rc4 listed in the CPE match below) allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://framework.zend.com/security/advisory/ZF2012-02 | Vendor Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2013:115 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://framework.zend.com/security/advisory/ZF2012-02 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:115 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | 1.0.4 | |
zend | zend_framework | 1.5.0 | |
zend | zend_framework | 1.5.1 | |
zend | zend_framework | 1.5.2 | |
zend | zend_framework | 1.5.3 | |
zend | zend_framework | 1.6.0 | |
zend | zend_framework | 1.6.1 | |
zend | zend_framework | 1.6.2 | |
zend | zend_framework | 1.7.0 | |
zend | zend_framework | 1.7.1 | |
zend | zend_framework | 1.7.2 | |
zend | zend_framework | 1.7.3 | |
zend | zend_framework | 1.7.4 | |
zend | zend_framework | 1.7.5 | |
zend | zend_framework | 1.7.6 | |
zend | zend_framework | 1.7.7 | |
zend | zend_framework | 1.7.8 | |
zend | zend_framework | 1.7.9 | |
zend | zend_framework | 1.8.0 | |
zend | zend_framework | 1.8.1 | |
zend | zend_framework | 1.8.2 | |
zend | zend_framework | 1.8.3 | |
zend | zend_framework | 1.8.4 | |
zend | zend_framework | 1.8.5 | |
zend | zend_framework | 1.9.0 | |
zend | zend_framework | 1.9.1 | |
zend | zend_framework | 1.9.2 | |
zend | zend_framework | 1.9.3 | |
zend | zend_framework | 1.9.4 | |
zend | zend_framework | 1.9.5 | |
zend | zend_framework | 1.9.6 | |
zend | zend_framework | 1.9.7 | |
zend | zend_framework | 1.9.8 | |
zend | zend_framework | 1.10.0 | |
zend | zend_framework | 1.10.1 | |
zend | zend_framework | 1.10.2 | |
zend | zend_framework | 1.10.3 | |
zend | zend_framework | 1.10.4 | |
zend | zend_framework | 1.10.5 | |
zend | zend_framework | 1.10.6 | |
zend | zend_framework | 1.10.7 | |
zend | zend_framework | 1.10.8 | |
zend | zend_framework | 1.11.0 | |
zend | zend_framework | 1.11.1 | |
zend | zend_framework | 1.11.2 | |
zend | zend_framework | 1.11.3 | |
zend | zend_framework | 1.11.4 | |
zend | zend_framework | 1.11.5 | |
zend | zend_framework | 1.11.6 | |
zend | zend_framework | 1.11.7 | |
zend | zend_framework | 1.11.8 | |
zend | zend_framework | 1.11.9 | |
zend | zend_framework | 1.11.10 | |
zend | zend_framework | 1.11.11 | |
zend | zend_framework | 1.11.12 | |
zend | zend_framework | 1.12.0 rc1 | |
zend | zend_framework | 1.12.0 rc2 | |
zend | zend_framework | 1.12.0 rc3 | |
zend | zend_framework | 1.12.0 rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1417EB1F-5342-443B-AC81-3256FCCE1BFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "ECA9145E-8B8C-4822-A1FC-A891DF92FD0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "01BD97A6-336A-4B8A-AFC5-C9EA1DDCCC8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B636257-9941-4997-9525-F8C5A920AB8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "118C20B5-FC8D-4EBF-A7D7-975A568A31BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CEB67E5-D7D9-443A-9176-3104A9C068AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "F965C4F5-5F12-42CF-B120-758205E0E050", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "531B7A51-2B4C-4A50-A8C8-D81040FF6E31", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16D75279-B5A8-4C82-B2C0-C58DEF56A086", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "57D97342-CF37-486E-A3C9-FBA000F5A041", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "819E0C25-1413-4532-9427-24520E23C07B", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "F9A96DF1-81D9-4BD3-9E62-CEECE377406D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "DF957F4D-FDFD-419B-AD2B-02E572A3BA9F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:zend:zend_framework:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "000BAA0C-6546-4DEC-8B85-146508C19F5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "429128C9-689E-49EA-BD8C-138FC337AB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2096048C-7E4A-415E-AEBF-9AB7E8BCE894", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "9B72E45D-E298-45BD-9EE5-127D3EFEC17C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "07D06D35-CE63-456D-A970-5AE663175E8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "11459424-1BA2-44D0-B831-92BE6E2664E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A847F7F6-18EF-44FB-9153-BD7D3223D6ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "EBE53880-D68C-49CB-BFE7-D1806AAD5C6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "45B7421E-E0C4-4594-AE81-4F3811CAAB33", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "1EABF4FA-D4A6-4C82-BF9C-A828B906F499", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9F10191E-9EF7-47B8-9CDC-FCFE47AEFE50", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C3E24C3-21CC-4ED2-8669-5D94BD5D99AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "75B01DA0-E43B-456F-98CB-B806E3A54E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"DD3BA6AE-8D0D-48C4-82C2-90164113232A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C405425-36E0-458C-9EB8-760703DF39DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "CAC94846-2345-4A62-8E57-AC7EAFCD05D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "8074B0AD-C349-4BAC-9076-DD08893F5574", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "18F43C9F-1EE9-4B77-AD35-EB1286BED2EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "557E4E4E-0022-4EEA-A08D-BFE2392147EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "7AC4C9BC-B0FC-4050-B998-5DB523C26EE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C844B367-8CE3-4347-B822-FA74D29E87C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "78EAC4C3-D9D3-4F3C-A56E-C434F15860CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "6322EB6C-3CAD-4E61-AC47-FDB416F9BAEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "5A341606-0AD5-442B-BEF3-D8246402CE00", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F033605-4770-453C-9C8D-48AB36B93F23", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "7CF3E847-EF03-4B57-B54F-01E2D4DA2261", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "A5E7A156-6F31-48D6-B1A7-991CDC120602", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:zend:zend_framework:1.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "6AC72907-188E-4B2B-AA08-482A98227961", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.8:*:*:*:*:*:*:*", "matchCriteriaId": "AB1E9C46-CF7B-4142-A178-C21EB3E4C844", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A033B19-5C9B-4948-88C6-9B8E69135112", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "81773611-D93F-4A8A-AE36-BEE60385F39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AAF5871-E892-4EDE-8845-E3633E10F733", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5C2A0-11C8-458A-910F-58E7F39243C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE49C5F9-1C3D-44FD-831D-663013EDFA30", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "B338FCC6-506F-468D-9551-B7FA22D31BD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "687ABF79-8F2F-4E5F-BF2A-42AD4F60C178", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.7:*:*:*:*:*:*:*", "matchCriteriaId": "82E96CB5-E6F8-4163-8A95-B72C243FF133", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.8:*:*:*:*:*:*:*", "matchCriteriaId": "5F486B0E-45D9-4B15-B4B7-1C35C3B9A8C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.9:*:*:*:*:*:*:*", "matchCriteriaId": "A751B994-80CF-475C-AFCC-C3645A4B2BF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.10:*:*:*:*:*:*:*", "matchCriteriaId": "F25F13A3-867D-4D79-8B7B-9771D3DB0540", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:zend:zend_framework:1.11.11:*:*:*:*:*:*:*", "matchCriteriaId": "64C08E10-14D4-4ACE-9064-8322A09773C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.12:*:*:*:*:*:*:*", "matchCriteriaId": "FDA4B247-94D3-400C-A575-3DBA755C24E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A78C7EE7-7C12-45D2-913E-DC4902886C11", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "97F3ED10-8D1F-4D01-A79B-95AAF864B0BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1E65648D-78FF-47D8-9F9E-66E9A8C121AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "DA6467DF-3983-4BB9-ACC7-C6AFE753E319", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack." }, { "lang": "es", "value": "(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, y (4) Zend_XmlRpc en Zend Framework v1.x antes de v1.11.13 y antes v1.12.0 1.12.x de permitir a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU ) a trav\u00e9s de referencias recursivas o circular en una definici\u00f3n XML de entidad en una declaraci\u00f3n XML DOCTYPE, tambi\u00e9n conocido como una entidad de expansi\u00f3n XML (XEE) ataque." 
} ], "id": "CVE-2012-6532", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-13T17:55:01.523", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2012-02" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2012-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:115" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-16 00:59
Modified
2025-04-12 10:46
Severity ?
Summary
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://advisories.mageia.org/MGASA-2014-0151.html | ||
cve@mitre.org | http://framework.zend.com/security/advisory/ZF2014-02 | Vendor Advisory | |
cve@mitre.org | http://seclists.org/oss-sec/2014/q2/0 | ||
cve@mitre.org | http://www.debian.org/security/2015/dsa-3265 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2014:072 | ||
cve@mitre.org | http://www.securityfocus.com/bid/66358 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2014-0151.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://framework.zend.com/security/advisory/ZF2014-02 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q2/0 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3265 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2014:072 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/66358 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zendopenid | * (versionEndIncluding 2.0.1) | |
zend | zend_framework | * (versionEndIncluding 1.12.4 in the CPE match, although the summary gives 1.12.4 as the fixed release) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendopenid:*:*:*:*:*:*:*:*", "matchCriteriaId": "255171B6-0A4C-4757-ADDA-28916398499C", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EA449F4-8463-4C40-877F-572A61445339", "versionEndIncluding": "1.12.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values." }, { "lang": "es", "value": "La clase GenericConsumer en el componente Consumer en ZendOpenId anterior a 2.0.2 y la clase Zend_OpenId_Consumer en Zend Framework 1 anterior a 1.12.4 no verifican correctamente que el valor de openid_op_endpoint identifique el mismo proveedor de identidad que el proveedor manejado en la asociaci\u00f3n, lo que permite a atacantes remotos evadir la autenticaci\u00f3n y falsificar identidades OpenID de forma arbitraria usando un proveedor de OpenID malicioso que genera tokens OpenID con identificadores y valores claimed_id arbitrarios." 
} ], "id": "CVE-2014-2684", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-16T00:59:04.983", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2014-02" }, { "source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3265" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/66358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2014-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/66358" } ], "sourceIdentifier": 
"cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-17 02:59
Modified
2025-04-20 01:37
Severity ?
Summary
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
References
▶ | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN18926672/index.html | Third Party Advisory, VDB Entry | |
vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000158 | Third Party Advisory, VDB Entry | |
vultures@jpcert.or.jp | https://framework.zend.com/security/advisory/ZF2016-03 | Exploit, Technical Description, Vendor Advisory | |
vultures@jpcert.or.jp | https://lists.debian.org/debian-lts-announce/2018/06/msg00012.html | ||
vultures@jpcert.or.jp | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/ | ||
vultures@jpcert.or.jp | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/ | ||
vultures@jpcert.or.jp | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/ | ||
vultures@jpcert.or.jp | https://security.gentoo.org/glsa/201804-10 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN18926672/index.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000158 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://framework.zend.com/security/advisory/ZF2016-03 | Exploit, Technical Description, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/06/msg00012.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201804-10 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
fedoraproject | fedora | 23 | |
fedoraproject | fedora | 24 | |
fedoraproject | fedora | 25 | |
zend | zend_framework | * (versionEndIncluding 1.12.19) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "A99A8CC5-C3CF-4EA9-BBCA-B53D73AA780A", "versionEndIncluding": "1.12.19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation." }, { "lang": "es", "value": "Los m\u00e9todos (1) order y (2) group en Zend_Db_Select en la Zend Framework en versiones anteriores a 1.12.20 podr\u00edan permitir a atacantes remotos llevar a cabo ataques de inyecci\u00f3n SQL aprovechando el fallo para borrar comentarios de una sentencia SQL antes de la validaci\u00f3n." 
} ], "id": "CVE-2016-4861", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-17T02:59:13.013", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvn.jp/en/jp/JVN18926672/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000158" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Exploit", "Technical Description", "Vendor Advisory" ], "url": "https://framework.zend.com/security/advisory/ZF2016-03" }, { "source": "vultures@jpcert.or.jp", "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00012.html" }, { "source": "vultures@jpcert.or.jp", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/" }, { "source": "vultures@jpcert.or.jp", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/" }, { "source": "vultures@jpcert.or.jp", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/" }, { "source": "vultures@jpcert.or.jp", "url": "https://security.gentoo.org/glsa/201804-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvn.jp/en/jp/JVN18926672/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Technical Description", "Vendor Advisory" ], "url": "https://framework.zend.com/security/advisory/ZF2016-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201804-10" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-17 22:15
Modified
2024-11-21 02:18
Severity ?
Summary
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://framework.zend.com/security/advisory/ZF2014-06 | Exploit, Vendor Advisory | |
cve@mitre.org | http://seclists.org/oss-sec/2014/q4/276 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/70011 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1151277 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://framework.zend.com/security/advisory/ZF2014-06 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q4/276 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/70011 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1151277 | Issue Tracking, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | * (versionEndExcluding 1.12.9) | |
zend | zend_framework | * (2.2.0 up to but excluding 2.2.8) | |
zend | zend_framework | * (2.3.0 up to but excluding 2.3.3) | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 | |
fedoraproject | fedora | 19 | |
fedoraproject | fedora | 20 | |
fedoraproject | fedora | 21 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B4F7467-35BE-4334-8252-884C2147CA25", "versionEndExcluding": "1.12.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "F466E328-5176-457D-B646-ED804E96BDBD", "versionEndExcluding": "2.2.8", "versionStartIncluding": "2.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F1C6B34-A116-46B2-B3C0-AE47F4A3DA55", "versionEndExcluding": "2.3.3", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte." 
}, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Zend Framework versiones anteriores a 1.12.9, versiones 2.2.x anteriores a 2.2.8 y versiones 2.3.x anteriores a 2.3.3, cuando se usa la extensi\u00f3n PHP sqlsrv, permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio de un byte null." } ], "id": "CVE-2014-8089", "lastModified": "2024-11-21T02:18:31.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-17T22:15:11.593", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2014-06" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2014/q4/276" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/70011" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], 
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151277" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2014-06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2014/q4/276" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/70011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1151277" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-04 17:55
Modified
2025-04-12 10:46
Severity ?
Summary
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://advisories.mageia.org/MGASA-2014-0151.html | ||
cve@mitre.org | http://framework.zend.com/security/advisory/ZF2014-02 | Vendor Advisory | |
cve@mitre.org | http://seclists.org/oss-sec/2014/q2/0 | ||
cve@mitre.org | http://www.debian.org/security/2015/dsa-3265 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2014:072 | ||
cve@mitre.org | http://www.securityfocus.com/bid/66358 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2014-0151.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://framework.zend.com/security/advisory/ZF2014-02 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q2/0 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3265 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2014:072 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/66358 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | * | |
zend | zend_framework | 1.0.0 | |
zend | zend_framework | 1.0.0 | |
zend | zend_framework | 1.0.0 | |
zend | zend_framework | 1.0.0 | |
zend | zend_framework | 1.0.0 | |
zend | zend_framework | 1.0.1 | |
zend | zend_framework | 1.0.2 | |
zend | zend_framework | 1.0.3 | |
zend | zend_framework | 1.0.4 | |
zend | zend_framework | 1.5.0 | |
zend | zend_framework | 1.5.0 | |
zend | zend_framework | 1.5.0 | |
zend | zend_framework | 1.5.0 | |
zend | zend_framework | 1.5.0 | |
zend | zend_framework | 1.5.0 | |
zend | zend_framework | 1.5.1 | |
zend | zend_framework | 1.5.2 | |
zend | zend_framework | 1.5.3 | |
zend | zend_framework | 1.6.0 | |
zend | zend_framework | 1.6.0 | |
zend | zend_framework | 1.6.0 | |
zend | zend_framework | 1.6.0 | |
zend | zend_framework | 1.6.1 | |
zend | zend_framework | 1.6.2 | |
zend | zend_framework | 1.7.0 | |
zend | zend_framework | 1.7.0 | |
zend | zend_framework | 1.7.0 | |
zend | zend_framework | 1.7.1 | |
zend | zend_framework | 1.7.2 | |
zend | zend_framework | 1.7.3 | |
zend | zend_framework | 1.7.3 | |
zend | zend_framework | 1.7.4 | |
zend | zend_framework | 1.7.5 | |
zend | zend_framework | 1.7.6 | |
zend | zend_framework | 1.7.7 | |
zend | zend_framework | 1.7.8 | |
zend | zend_framework | 1.7.9 | |
zend | zend_framework | 1.8.0 | |
zend | zend_framework | 1.8.0 | |
zend | zend_framework | 1.8.0 | |
zend | zend_framework | 1.8.1 | |
zend | zend_framework | 1.8.2 | |
zend | zend_framework | 1.8.3 | |
zend | zend_framework | 1.8.4 | |
zend | zend_framework | 1.8.4 | |
zend | zend_framework | 1.8.5 | |
zend | zend_framework | 1.9.0 | |
zend | zend_framework | 1.9.0 | |
zend | zend_framework | 1.9.0 | |
zend | zend_framework | 1.9.0 | |
zend | zend_framework | 1.9.1 | |
zend | zend_framework | 1.9.2 | |
zend | zend_framework | 1.9.3 | |
zend | zend_framework | 1.9.3 | |
zend | zend_framework | 1.9.4 | |
zend | zend_framework | 1.9.5 | |
zend | zend_framework | 1.9.6 | |
zend | zend_framework | 1.9.7 | |
zend | zend_framework | 1.9.8 | |
zend | zend_framework | 1.10.0 | |
zend | zend_framework | 1.10.0 | |
zend | zend_framework | 1.10.0 | |
zend | zend_framework | 1.10.0 | |
zend | zend_framework | 1.10.1 | |
zend | zend_framework | 1.10.2 | |
zend | zend_framework | 1.10.3 | |
zend | zend_framework | 1.10.4 | |
zend | zend_framework | 1.10.5 | |
zend | zend_framework | 1.10.6 | |
zend | zend_framework | 1.10.7 | |
zend | zend_framework | 1.10.8 | |
zend | zend_framework | 1.10.9 | |
zend | zend_framework | 1.11.0 | |
zend | zend_framework | 1.11.0 | |
zend | zend_framework | 1.11.0 | |
zend | zend_framework | 1.11.1 | |
zend | zend_framework | 1.11.2 | |
zend | zend_framework | 1.11.3 | |
zend | zend_framework | 1.11.4 | |
zend | zend_framework | 1.11.5 | |
zend | zend_framework | 1.11.6 | |
zend | zend_framework | 1.11.7 | |
zend | zend_framework | 1.11.8 | |
zend | zend_framework | 1.11.9 | |
zend | zend_framework | 1.11.10 | |
zend | zend_framework | 1.11.11 | |
zend | zend_framework | 1.11.12 | |
zend | zend_framework | 1.11.13 | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.0 | |
zend | zend_framework | 1.12.1 | |
zend | zend_framework | 1.12.2 | |
zend | zendopenid | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "269217EF-D4A3-4789-BC72-05F2CDFDDF68", "versionEndIncluding": "1.12.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4C42B4F3-D79C-42DE-B86C-9E7612E71661", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "536CC39B-D305-492F-892C-6431BD7BA95F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "17673E8C-CB65-447E-8A6B-1083E6E77B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.0:rc2a:*:*:*:*:*:*", "matchCriteriaId": "CA85105D-B9FB-4147-87B7-4F4DD0324AE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "99C549AF-2C59-4D8E-B651-EA630C3B2975", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "50EF804C-102C-47F5-A85A-63EAA7EF9BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B648466-36AD-4EC0-BDE1-C976F697D58F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5C9DCE27-D2D1-4329-88F5-911DA763469C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1417EB1F-5342-443B-AC81-3256FCCE1BFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "ECA9145E-8B8C-4822-A1FC-A891DF92FD0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:pl:*:*:*:*:*:*", "matchCriteriaId": "BE686B51-76FB-442F-94BE-60E95CFF67AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:pr:*:*:*:*:*:*", "matchCriteriaId": "2F9BD7D0-C975-4E7E-BCD1-C7FB52B1D5E1", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "BE350CD6-54CA-4BDF-9327-60F872098D68", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E3603D2F-91FE-4B12-A5BC-2F63E1612A39", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "04524F0F-6C21-4670-9B2C-A3B06C151799", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "01BD97A6-336A-4B8A-AFC5-C9EA1DDCCC8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B636257-9941-4997-9525-F8C5A920AB8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "118C20B5-FC8D-4EBF-A7D7-975A568A31BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CEB67E5-D7D9-443A-9176-3104A9C068AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "20C61B54-2D08-45FD-A10A-34AD50EC3BED", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "1FD68242-67DB-4C1D-8265-7839976DBCEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9C32036E-14BC-48AE-92A4-9DDCC96EC557", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "F965C4F5-5F12-42CF-B120-758205E0E050", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "531B7A51-2B4C-4A50-A8C8-D81040FF6E31", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16D75279-B5A8-4C82-B2C0-C58DEF56A086", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:zend:zend_framework:1.7.0:pl1:*:*:*:*:*:*", "matchCriteriaId": "EE99D584-E652-4B9F-BD2E-45A167B1524C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.0:pr:*:*:*:*:*:*", "matchCriteriaId": "0EE1CCE3-4AD0-4ABD-B4C9-5390F9CDB37F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "57D97342-CF37-486E-A3C9-FBA000F5A041", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "819E0C25-1413-4532-9427-24520E23C07B", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "F9A96DF1-81D9-4BD3-9E62-CEECE377406D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.3:pl1:*:*:*:*:*:*", "matchCriteriaId": "744FEDE8-5825-4C5C-887D-9ADCC9183AA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "DF957F4D-FDFD-419B-AD2B-02E572A3BA9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "000BAA0C-6546-4DEC-8B85-146508C19F5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "429128C9-689E-49EA-BD8C-138FC337AB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "2096048C-7E4A-415E-AEBF-9AB7E8BCE894", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "9B72E45D-E298-45BD-9EE5-127D3EFEC17C", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "07D06D35-CE63-456D-A970-5AE663175E8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "11459424-1BA2-44D0-B831-92BE6E2664E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.0:a1:*:*:*:*:*:*", 
"matchCriteriaId": "FACC0F56-C6CB-4BC7-946E-8077B2C90B2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.0:b1:*:*:*:*:*:*", "matchCriteriaId": "BB4F6AA5-8320-4451-9C8C-02D68FE4CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A847F7F6-18EF-44FB-9153-BD7D3223D6ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "EBE53880-D68C-49CB-BFE7-D1806AAD5C6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "45B7421E-E0C4-4594-AE81-4F3811CAAB33", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "1EABF4FA-D4A6-4C82-BF9C-A828B906F499", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.4:pl1:*:*:*:*:*:*", "matchCriteriaId": "1EA1EBE6-0E18-44FA-BE72-D6512E7409B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9F10191E-9EF7-47B8-9CDC-FCFE47AEFE50", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C3E24C3-21CC-4ED2-8669-5D94BD5D99AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.0:a1:*:*:*:*:*:*", "matchCriteriaId": "075019DE-CC38-4DFF-B869-5884A7AC9000", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.0:b1:*:*:*:*:*:*", "matchCriteriaId": "81CC10E4-37A8-4BAD-AC6D-EAD3A7E70CD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3E9C9A-E12F-43EC-9134-4EFF2BA6B4D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "75B01DA0-E43B-456F-98CB-B806E3A54E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "DD3BA6AE-8D0D-48C4-82C2-90164113232A", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "4C405425-36E0-458C-9EB8-760703DF39DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.3:pl1:*:*:*:*:*:*", "matchCriteriaId": "1E3911A0-F189-488A-9246-BA8B1CF9B8CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "CAC94846-2345-4A62-8E57-AC7EAFCD05D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "8074B0AD-C349-4BAC-9076-DD08893F5574", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "18F43C9F-1EE9-4B77-AD35-EB1286BED2EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "557E4E4E-0022-4EEA-A08D-BFE2392147EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "7AC4C9BC-B0FC-4050-B998-5DB523C26EE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C844B367-8CE3-4347-B822-FA74D29E87C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "0AAF2D17-6E72-4E27-B94B-397DB9C3A682", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "CF93FB2E-0F51-4EE0-9A29-91B2A2311FF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "528D7214-C4EE-40D9-83CF-F9B81382F257", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "78EAC4C3-D9D3-4F3C-A56E-C434F15860CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "6322EB6C-3CAD-4E61-AC47-FDB416F9BAEE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:zend:zend_framework:1.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "5A341606-0AD5-442B-BEF3-D8246402CE00", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F033605-4770-453C-9C8D-48AB36B93F23", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "7CF3E847-EF03-4B57-B54F-01E2D4DA2261", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "A5E7A156-6F31-48D6-B1A7-991CDC120602", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "6AC72907-188E-4B2B-AA08-482A98227961", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.8:*:*:*:*:*:*:*", "matchCriteriaId": "AB1E9C46-CF7B-4142-A178-C21EB3E4C844", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.10.9:*:*:*:*:*:*:*", "matchCriteriaId": "0227AEB0-4C45-4744-8501-B20F7B4254D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A033B19-5C9B-4948-88C6-9B8E69135112", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.0:b1:*:*:*:*:*:*", "matchCriteriaId": "D5B221F8-CF2D-4994-87D9-57375D0942DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E8BCCB2A-7873-4027-AECE-024EF7A71E60", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "81773611-D93F-4A8A-AE36-BEE60385F39B", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AAF5871-E892-4EDE-8845-E3633E10F733", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5C2A0-11C8-458A-910F-58E7F39243C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.4:*:*:*:*:*:*:*", 
"matchCriteriaId": "DE49C5F9-1C3D-44FD-831D-663013EDFA30", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "B338FCC6-506F-468D-9551-B7FA22D31BD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "687ABF79-8F2F-4E5F-BF2A-42AD4F60C178", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.7:*:*:*:*:*:*:*", "matchCriteriaId": "82E96CB5-E6F8-4163-8A95-B72C243FF133", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.8:*:*:*:*:*:*:*", "matchCriteriaId": "5F486B0E-45D9-4B15-B4B7-1C35C3B9A8C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.9:*:*:*:*:*:*:*", "matchCriteriaId": "A751B994-80CF-475C-AFCC-C3645A4B2BF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.10:*:*:*:*:*:*:*", "matchCriteriaId": "F25F13A3-867D-4D79-8B7B-9771D3DB0540", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.11:*:*:*:*:*:*:*", "matchCriteriaId": "64C08E10-14D4-4ACE-9064-8322A09773C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.12:*:*:*:*:*:*:*", "matchCriteriaId": "FDA4B247-94D3-400C-A575-3DBA755C24E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.11.13:*:*:*:*:*:*:*", "matchCriteriaId": "2D934F3F-997E-44B8-A4D2-CC07FEEB7271", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "1DBCDD61-759D-4623-B7ED-88E78BDE7397", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A78C7EE7-7C12-45D2-913E-DC4902886C11", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "97F3ED10-8D1F-4D01-A79B-95AAF864B0BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": 
"1E65648D-78FF-47D8-9F9E-66E9A8C121AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "DA6467DF-3983-4BB9-ACC7-C6AFE753E319", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "93186E8D-5681-4350-A6B1-C020B3C47560", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:1.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A65D2D2-766B-4C47-B6B8-352184D4D15A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zendopenid:*:*:*:*:*:*:*:*", "matchCriteriaId": "255171B6-0A4C-4757-ADDA-28916398499C", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider." }, { "lang": "es", "value": "La clase GenericConsumer en el componente Consumer en ZendOpenId anterior a 2.0.2 y la clase Zend_OpenId_Consumer en Zend Framework 1 anterior a 1.12.4 violan el protocolo OpenID 2.0 al asegurar solamente que al menos un campo est\u00e9 firmado, lo que permite a atacantes remotos evadir la autenticaci\u00f3n mediante el aprovechamiento de una aserci\u00f3n de un proveedor OpenID." 
} ], "id": "CVE-2014-2685", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-04T17:55:04.747", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2014-02" }, { "source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3265" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/66358" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://framework.zend.com/security/advisory/ZF2014-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q2/0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/66358" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-08 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1207781 | Issue Tracking, Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://framework.zend.com/changelog/2.3.6 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1207781 | Issue Tracking, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://framework.zend.com/changelog/2.3.6 | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | 2.3.0 | |
zend | zend_framework | 2.3.1 | |
zend | zend_framework | 2.3.2 | |
zend | zend_framework | 2.3.3 | |
zend | zend_framework | 2.3.4 | |
zend | zend_framework | 2.3.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "58B32A65-119C-45EF-8122-EBFCA41A1696", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "32E9E662-1642-49D6-9908-9BD4DE479114", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0ACBA96F-C081-4B66-BC4B-C456FA688EA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "23C2DD7D-3CB8-4E69-9B4D-B0A4552A1177", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D3129429-DD49-416B-BFD0-174713966A9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend_framework:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "3CDE54C3-5D05-4CEE-8FA1-840E6DC5D110", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers." }, { "lang": "es", "value": "Vulnerabilidad de tipo Cross-site request forgery (CSRF) en Zend/Validator/Csrf en Zend Framework , versiones 2.3.x anteriores a la 2.3.6 a trav\u00e9s de identificadores de tokenes mal construidos o nulos." 
} ], "id": "CVE-2015-1786", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-08T21:29:00.283", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207781" }, { "source": "secalert@redhat.com", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://framework.zend.com/changelog/2.3.6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://framework.zend.com/changelog/2.3.6" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-06-07 14:06
Modified
2025-04-12 10:46
Severity ?
Summary
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://framework.zend.com/security/advisory/ZF2015-07 | ||
cve@mitre.org | http://www.debian.org/security/2015/dsa-3369 | ||
cve@mitre.org | http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html | Vendor Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://framework.zend.com/security/advisory/ZF2015-07 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2015/dsa-3369 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend-cache | * | |
zend | zend-cache | 2.5.0 | |
zend | zend-cache | 2.5.1 | |
zend | zend-cache | 2.5.2 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
doctrine-project | object_relational_mapper | * | |
doctrine-project | object_relational_mapper | 2.5.0 | |
doctrine-project | object_relational_mapper | 2.5.0 | |
doctrine-project | object_relational_mapper | 2.5.0 | |
doctrine-project | object_relational_mapper | 2.5.0 | |
doctrine-project | object_relational_mapper | 2.5.0 | |
doctrine-project | object_relational_mapper | 2.5.0 | |
doctrine-project | doctrinemongodbbundle | 3.0.0 | |
zend | zend_framework | * | |
doctrine-project | common | * | |
doctrine-project | common | 2.5.0 | |
doctrine-project | common | 2.5.0 | |
doctrine-project | annotations | * | |
doctrine-project | mongodb-odm | * | |
zend | zend_framework | * | |
doctrine-project | cache | * | |
doctrine-project | cache | 1.4.0 | |
doctrine-project | cache | 1.4.1 | |
zend | zf-apigility-doctrine | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend-cache:*:*:*:*:*:*:*:*", "matchCriteriaId": "67A5BE81-0B49-43A9-B4D3-54FCE0D6AE28", "versionEndIncluding": "2.4.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend-cache:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E95FED4-A1B2-4851-AF95-0979121C0A69", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend-cache:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DAC6C748-A52E-47A4-A615-70E59D1D30EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend-cache:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "ED45A472-B109-44FA-901B-164DF0F4DF40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:*:*:*:*:*:*:*:*", "matchCriteriaId": "8904C198-BB8B-4E8C-80ED-CC4676065781", "versionEndIncluding": "2.4.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "5ED8B959-CE8F-49AA-B998-8598C8F0A6D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "C2A8659A-7A7F-40B9-B60F-71FE4637B016", "vulnerable": true }, { "criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "2C887BAC-8EEC-4F3D-B1D8-023B80A3D8B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "75BA49E2-ABC5-4A61-968B-1CAA2FF7A942", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F2D4F787-6BE1-4CC6-9A24-00EE601ACCEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E14E6992-D334-465E-ACE9-F0D0DA6FDC05", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:doctrine-project:doctrinemongodbbundle:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E8FB62B-8DB3-46D9-9636-B877B10061C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AB7019C-C868-4512-8855-F6ED2AC6A3A7", "versionEndIncluding": "2.4.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:doctrine-project:common:*:*:*:*:*:*:*:*", "matchCriteriaId": "F004153E-7D36-4621-96DC-C47522EC1204", "versionEndIncluding": "2.4.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:doctrine-project:common:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A88FB2A6-8AE3-46F4-91EB-BD7CAE22A83D", "vulnerable": true }, { "criteria": "cpe:2.3:a:doctrine-project:common:2.5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "DF529016-31C4-4948-BA5C-3ED7C3DE062C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:doctrine-project:annotations:*:*:*:*:*:*:*:*", "matchCriteriaId": "520EA826-22BD-496F-9DC9-267C76319B23", "versionEndIncluding": "1.2.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:doctrine-project:mongodb-odm:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF62C793-9B7F-4B67-A7AC-CD27F6670B2D", "versionEndIncluding": "1.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2CA52AF-D551-4CE9-A4CD-F264F702634A", "versionEndIncluding": "1.12.15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:doctrine-project:cache:*:*:*:*:*:*:*:*", "matchCriteriaId": "809D06DE-60BB-4697-94E7-CEE067FED890", "versionEndIncluding": "1.3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:doctrine-project:cache:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E592D06-5F25-4015-A780-595130F48055", "vulnerable": true }, { "criteria": "cpe:2.3:a:doctrine-project:cache:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B0E6EA11-5D22-42C7-A085-28CCF728F4C5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zf-apigility-doctrine:*:*:*:*:*:*:*:*", "matchCriteriaId": "461C9713-8E45-4642-8D35-F9878F931080", "versionEndIncluding": "1.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code." 
}, { "lang": "es", "value": "Doctrine Annotations en versiones anteriores a 1.2.7, Cache en versiones anteriores a 1.3.2 y 1.4.x en versiones anteriores a 1.4.2, Common en versiones anteriores a 2.4.3 y 2.5.x en versiones anteriores a 2.5.1, ORM en versiones anteriores 2.4.8 o 2.5.x en versiones anteriores 2.5.1, MongoDB ODM en versiones anteriores a 1.0.2 y MongoDB ODM Bundle en versiones anteriores a 3.0.1 utilizan permisos de escritura universal para directorios de cach\u00e9, lo que permite a usuarios locales ejecutar c\u00f3digo PHP arbitrario con privilegios adicionales aprovechando una aplicaci\u00f3n con el umask establecido a 0 y que ejecuta entradas de cach\u00e9 como c\u00f3digo." } ], "id": "CVE-2015-5723", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-06-07T14:06:08.697", "references": [ { "source": "cve@mitre.org", "url": "http://framework.zend.com/security/advisory/ZF2015-07" }, { "source": 
"cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3369" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://framework.zend.com/security/advisory/ZF2015-07" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-17 02:59
Modified
2025-04-20 01:37
Summary
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.
References
▶ | URL | Tags | |
---|---|---|---|
security@debian.org | http://www.securityfocus.com/bid/91802 | Third Party Advisory, VDB Entry | |
security@debian.org | https://framework.zend.com/security/advisory/ZF2016-02 | Exploit, Technical Description, Vendor Advisory | |
security@debian.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/ | ||
security@debian.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/ | ||
security@debian.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/ | ||
security@debian.org | https://security.gentoo.org/glsa/201804-10 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91802 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://framework.zend.com/security/advisory/ZF2016-02 | Exploit, Technical Description, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201804-10 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
fedoraproject | fedora | 23 | |
fedoraproject | fedora | 24 | |
fedoraproject | fedora | 25 | |
zend | zend_framework | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "A99A8CC5-C3CF-4EA9-BBCA-B53D73AA780A", "versionEndIncluding": "1.12.19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\\w]* in a regular expression." }, { "lang": "es", "value": "Los m\u00e9todos (1) order y (2) group en Zend_Db_Select en la Zend Framework en versiones anteriores a 1.12.19 podr\u00edan permitir a atacantes remotos llevar a cabo ataques de inyecci\u00f3n SQL a trav\u00e9s de vectores relacionados con el uso del patr\u00f3n de caracteres [\\w]* en una expresi\u00f3n regular." 
} ], "id": "CVE-2016-6233", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-17T02:59:13.500", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91802" }, { "source": "security@debian.org", "tags": [ "Exploit", "Technical Description", "Vendor Advisory" ], "url": "https://framework.zend.com/security/advisory/ZF2016-02" }, { "source": "security@debian.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/" }, { "source": "security@debian.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/" }, { "source": "security@debian.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/" }, { "source": "security@debian.org", "url": "https://security.gentoo.org/glsa/201804-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Technical Description", "Vendor Advisory" ], "url": "https://framework.zend.com/security/advisory/ZF2016-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201804-10" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-04 15:15
Modified
2025-02-18 17:15
Summary
An issue found in Zend Framework v.3.1.3 and before allows a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 2020.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://zend.com | Product | |
cve@mitre.org | https://cowtransfer.com/s/f9684f004d7149 | Broken Link | |
cve@mitre.org | https://github.com/zendframework/zendframework | Product | |
af854a3a-2127-422b-91ae-364da2661108 | http://zend.com | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://cowtransfer.com/s/f9684f004d7149 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zendframework/zendframework | Product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zend | zend_framework | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE98955F-D65E-4675-A060-942DD2CC6CC5", "versionEndIncluding": "3.1.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 2020." } ], "id": "CVE-2020-29312", "lastModified": "2025-02-18T17:15:11.653", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-04T15:15:08.457", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://zend.com" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://cowtransfer.com/s/f9684f004d7149" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://github.com/zendframework/zendframework" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://zend.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://cowtransfer.com/s/f9684f004d7149" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://github.com/zendframework/zendframework" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-502" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-30 19:59
Modified
2025-04-12 10:46
Summary
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/95144 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1037539 | ||
cve@mitre.org | https://framework.zend.com/security/advisory/ZF2016-04 | Exploit, Technical Description, Vendor Advisory | |
cve@mitre.org | https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html | Exploit, Technical Description, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201804-10 | ||
cve@mitre.org | https://www.exploit-db.com/exploits/40979/ | ||
cve@mitre.org | https://www.exploit-db.com/exploits/40986/ | ||
cve@mitre.org | https://www.exploit-db.com/exploits/42221/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95144 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037539 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://framework.zend.com/security/advisory/ZF2016-04 | Exploit, Technical Description, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html | Exploit, Technical Description, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201804-10 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40979/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40986/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/42221/ |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD4316D3-9F7E-4FB9-B505-0305C7F3C55F", "versionEndIncluding": "2.4.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zend:zend-mail:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E983A57-3C2F-442A-956F-8807BA45FC6B", "versionEndIncluding": "2.4.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend-mail:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D78D7F91-2B1F-4BF3-9682-EF837F37A1E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend-mail:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8FE88C0-6FDB-404B-844E-4CC19C1AAA82", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend-mail:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1FCF2DC-9B27-4D87-A19A-60548BA20045", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend-mail:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "503FBA9F-F706-4919-BEF2-15D95946F841", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend-mail:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "0114D78C-B31B-4FD2-BACC-60F4080C8AEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend-mail:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABA34ADC-A2D8-4CBC-98AC-F0FD19B8A2AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend-mail:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "11DDCA88-6D26-4022-BC68-DBB346DBF3E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:zend:zend-mail:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "184CCEDD-DCE5-4B0B-AF69-9E7294638427", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a 
\\\" (backslash double quote) in a crafted e-mail address." }, { "lang": "es", "value": "La funci\u00f3n setFrom en el adaptador Sendmail en el componente zend-mail en versiones anteriores a 2.4.11, 2.5.x, 2.6.x y 2.7.x en versiones anteriores a 2.7.2 y Zend Framework en versiones anteriores a 2.4.11podr\u00eda permitir a atacantes remotos pasar par\u00e1metros extras al comando mail y en consecuencia ejecutar un c\u00f3digo arbitrario a trav\u00e9s de \\\" (backslash cita doble) en una direcci\u00f3n e-mail manipulada." } ], "id": "CVE-2016-10034", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-30T19:59:00.217", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95144" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1037539" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Technical 
Description", "Vendor Advisory" ], "url": "https://framework.zend.com/security/advisory/ZF2016-04" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Technical Description", "Third Party Advisory" ], "url": "https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201804-10" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/40979/" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/40986/" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/42221/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037539" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Technical Description", "Vendor Advisory" ], "url": "https://framework.zend.com/security/advisory/ZF2016-04" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Technical Description", "Third Party Advisory" ], "url": "https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201804-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/40979/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/40986/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/42221/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }