Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable9150.PRM
HistoryMar 15, 2016 - 12:00 a.m.

Zend Framework < 1.12.4 Multiple Vulnerabilities

2016-03-1500:00:00
Tenable
www.tenable.com
12
JSON

Versions of Zend Framework earlier than 1.12.4 are vulnerable to the following security flaws :

  • A flaw exists in the ‘Consumer’ component, as it is possible to login using an arbitrary OpenID account without knowing any secret information. With a specially crafted OpenID Provider, a remote attacker can impersonate any OpenID Identity to bypass the authentication mechanism. (CVE-2014-2684)
  • A flaw in the ‘Consumer’ component, as elements in OpenID tokens are not properly checked to ensure they’re signed. The framework considers a single signed element as sufficient whereas the specification states that more elements are required to be signed if present. This may allow a remote attacker to cause insufficiently signed OpenID tokens to be accepted as valid. (CVE-2014-2685)
Binary data 9150.prm
VendorProductVersionCPE
thomas_breusszend_framework_integration_zend_frameworkcpe:/a:thomas_breuss:zend_framework_integration_zend_framework

Related

cve 2
openvas 15
fedora 8
nessus 9
prion 2
veracode 2
ubuntucve 2
mageia 1
securityvulns 5
amazon 1
osv 4
debian 4
cve
cve
CVE-2014-2685
2014-09-04 17:55:00
CVE-2014-2684
2014-11-16 00:59:00
openvas
openvas
Fedora Update for php-ZendFramework FEDORA-2014-4603
2014-04-15 00:00:00
Fedora Update for php-ZendFramework2 FEDORA-2014-4612
2014-04-15 00:00:00
Fedora Update for php-ZendFramework2 FEDORA-2014-4636
2014-04-15 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: php-ZendFramework-1.12.5-1.fc20
2014-04-14 22:36:10
[SECURITY] Fedora 20 Update: php-ZendFramework2-2.2.7-1.fc20
2014-05-28 23:52:16
[SECURITY] Fedora 19 Update: php-ZendFramework2-2.2.6-1.fc19
2014-04-14 22:40:52
nessus
nessus
Fedora 19 : php-ZendFramework-1.12.5-1.fc19 (2014-4603)
2014-04-15 00:00:00
Amazon Linux AMI : php-ZendFramework (ALAS-2014-377)
2014-10-12 00:00:00
Fedora 20 : php-ZendFramework2-2.2.6-1.fc20 (2014-4612)
2014-04-15 00:00:00
prion
prion
Authentication flaw
2014-09-04 17:55:00
Authentication flaw
2014-11-16 00:59:00
veracode
veracode
Authentication Bypass
2017-07-30 23:11:29
Bypassing Authentication And Spoofing Arbitrary OpenID Identities
2017-07-29 12:01:20
ubuntucve
ubuntucve
CVE-2014-2685
2014-09-04 00:00:00
CVE-2014-2684
2014-11-16 00:00:00
mageia
mageia
Updated php-ZendFramework packages fix multiple vulnerabilities
2014-04-03 04:43:46
securityvulns
securityvulns
[ MDVSA-2014:072 ] php-ZendFramework
2014-05-05 00:00:00
[ MDVSA-2015:097 ] php-ZendFramework
2015-05-12 00:00:00
[SECURITY] [DSA 3265-1] zendframework security update
2015-06-08 00:00:00
amazon
amazon
Important: php-ZendFramework
2014-07-23 13:39:00
osv
osv
zendframework - security update
2015-05-20 00:00:00
zendframework - regression update
2015-05-20 00:00:00
zendframework - security update
2015-06-23 00:00:00
debian
debian
[SECURITY] [DSA 3265-1] zendframework security update
2015-05-20 09:37:25
[SECURITY] [DSA 3265-2] zendframework regression update
2015-05-24 11:55:24
[SECURITY] [DLA 251-1] zendframework security update
2015-06-20 18:40:57
JSON
Related for 9150.PRM
cve2openvas15fedora8nessus9prion2veracode2ubuntucve2mageia1securityvulns5amazon1osv4debian4