Lucene search

K
osvGoogleOSV:DLA-251-2
HistoryJun 23, 2015 - 12:00 a.m.

zendframework - regression update

2015-06-2300:00:00
Google
osv.dev
19

EPSS

0.016

Percentile

87.5%

The previous zendframework upload incorrectly fixes CVE-2015-3154,
causing a regression. This update corrects this problem. Thanks to
Евгений Смолин (Evgeny Smolin).

  • CVE-2012-6531
    PĂĄdraic Brady identified a weakness to handle the SimpleXMLElement
    zendframework class, allowing to remote attackers to read arbitrary
    files or create TCP connections via an XML external entity (XXE)
    injection attack.
  • CVE-2012-6532
    PĂĄdraic Brady found that remote attackers could cause a denial of
    service by CPU consumption, via recursive or circular references
    through an XML entity expansion (XEE) attack.
  • CVE-2014-2681
    Lukas Reschke reported a lack of protection against XML External
    Entity injection attacks in some functions. This fix extends the
    incomplete one from CVE-2012-5657.
  • CVE-2014-2682
    Lukas Reschke reported a failure to consider that the
    libxml_disable_entity_loader setting is shared among threads in the
    PHP-FPM case. This fix extends the incomplete one from
    CVE-2012-5657.
  • CVE-2014-2683
    Lukas Reschke reported a lack of protection against XML Entity
    Expansion attacks in some functions. This fix extends the incomplete
    one from CVE-2012-6532.
  • CVE-2014-2684
    Christian Mainka and Vladislav Mladenov from the Ruhr-University
    Bochum reported an error in the consumer’s verify method that lead
    to acceptance of wrongly sourced tokens.
  • CVE-2014-2685
    Christian Mainka and Vladislav Mladenov from the Ruhr-University
    Bochum reported a specification violation in which signing of a
    single parameter is incorrectly considered sufficient.
  • CVE-2014-4914
    Cassiano Dal Pizzol discovered that the implementation of the ORDER
    BY SQL statement in Zend_Db_Select contains a potential SQL
    injection when the query string passed contains parentheses.
  • CVE-2014-8088
    Yury Dyachenko at Positive Research Center identified potential XML
    eXternal Entity injection vectors due to insecure usage of PHP’s DOM
    extension.
  • CVE-2014-8089
    Jonas SandstrĂśm discovered an SQL injection vector when manually
    quoting value for sqlsrv extension, using null byte.
  • CVE-2015-3154
    Filippo Tessarotto and Maks3w reported potential CRLF injection
    attacks in mail and HTTP headers.