Zend Framework@2.3.2 Security Vulnerabilities and Issues — Zend Framework@2.3.2 CVE List

Lucene search

ZendZend Framework2.3.2

4 matches found

CVE•added 2015/08/25 5:59 p.m.•179 views

CVE-2015-5161

The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XE...

6.8CVSS8.3AI score0.33512EPSS

CVE•added 2014/10/22 2:55 p.m.•72 views

CVE-2014-8088

The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.

5CVSS9.4AI score0.00608EPSS

CVE•added 2017/08/07 5:29 p.m.•40 views

CVE-2015-1555

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.

9.1CVSS9.1AI score0.00289EPSS

CVE•added 2017/06/08 9:29 p.m.•37 views

CVE-2015-1786

Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.

8.8CVSS8.7AI score0.00113EPSS